You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@apisix.apache.org by Jatinder Kaur <ja...@escalon.services.INVALID> on 2021/11/05 13:58:33 UTC
IP Restriction Plugin
Hi Team,
I am trying IP restriction Plugin I have whitelisted 2 Ips on one route but it says "IP does not allowed"
when I am hitting the endpoint from servers which is Ip is allowed on endpoint. How can I debug this issue ? How IP restriction plugin detect the IPs from the request ?
I am using PHP curl to request the apisix endpoint...
I posted the same on slack but didn't get the answer. Please help me on it.
Thanks
Jatinder
[https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<http://www.escalon.services>
Jatinder Kaur
Technical Architect, Escalon Services
www.escalon.services<http://www.escalon.services>
jatinder.kaur@escalon.services <ma...@escalon.services>
Re: IP Restriction Plugin
Posted by JinChao Shuai <sh...@apache.org>.
Is X-Forwarded-For set? What is the result now?
Jatinder Kaur <ja...@escalon.services.invalid> 于2021年11月10日周三
下午1:14写道:
> Hi,
>
> I am using following parameters in Nginx configuration file.
>
> real_ip_header X-Real-IP;
> real_ip_recursive off;
> set_real_ip_from <Public IP of NGINX>;
>
> Thanks
> Jatinder
>
> [https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<
> http://www.escalon.services>
>
>
> Jatinder Kaur
> Technical Architect, Escalon Services
> www.escalon.services<http://www.escalon.services>
>
> jatinder.kaur@escalon.services <ma...@escalon.services>
>
>
>
>
>
> ________________________________
> From: JinChao Shuai <sh...@apache.org>
> Sent: Wednesday, November 10, 2021 8:13 AM
> To: dev@apisix.apache.org <de...@apisix.apache.org>
> Subject: Re: IP Restriction Plugin
>
> Please refer to Yang Li answer, first observe the source IP address through
> APISIX access log. If the address is a proxy IP address, set real_ip at the
> proxy layer Nginx.
>
> Jatinder Kaur <ja...@escalon.services.invalid> 于2021年11月9日周二
> 下午10:52写道:
>
> > Thanks for answering.
> >
> > When I am trying IP:PORT its working fine but when I am using nginx
> > reverse proxy it is showing Apisix container IP in access logs and apisix
> > does not validate the IP and says "IP does not allowed".
> >
> > What you suggest I can do further.
> >
> > Zexuan Luo<https://app.slack.com/team/U01P169M64F> answer did not help
> > me. I am not able to understand that
> >
> > Thanks
> >
> > [https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<
> > http://www.escalon.services>
> >
> >
> > Jatinder Kaur
> > Technical Architect, Escalon Services
> > www.escalon.services<http://www.escalon.services><
> http://www.escalon.services<http://www.escalon.services>>
> >
> > jatinder.kaur@escalon.services <ma...@escalon.services>
> >
> >
> >
> >
> >
> > ________________________________
> > From: Zhiyuan Ju <ju...@apache.org>
> > Sent: Tuesday, November 9, 2021 11:17 AM
> > To: dev@apisix.apache.org <de...@apisix.apache.org>
> > Subject: Re: IP Restriction Plugin
> >
> > Hi,
> >
> > > I posted the same on slack but didn't get the answer. Please help me on
> > it.
> >
> > I noticed Zexuan Luo has replied you here[1], please take a look :)
> >
> > [1] https://the-asf.slack.com/archives/CUC5MN17A/p1636165161039100
> >
> > Best Regards!
> > @ Zhiyuan Ju <https://github.com/juzhiyuan>
> >
> >
> > Jatinder Kaur <ja...@escalon.services.invalid> 于2021年11月8日周一
> > 下午10:08写道:
> >
> > > Hi Li Yang,
> > >
> > > Thanks for answering me.
> > >
> > > When I am trying IP:PORT its working fine but when I am using nginx
> > > reverse proxy it is showing Apisix container IP in access logs and
> apisix
> > > does not validate the IP and says "IP does not allowed".
> > >
> > > What you suggest I can do further.
> > >
> > > Thanks
> > >
> > >
> > > [https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<
> > > http://www.escalon.services>
> > >
> > >
> > > Jatinder Kaur
> > > Technical Architect, Escalon Services
> > > www.escalon.services<http://www.escalon.services><<
> http://www.escalon.services<http://www.escalon.services><>
> > http://www.escalon.services<http://www.escalon.services>>
> > >
> > > jatinder.kaur@escalon.services <ma...@escalon.services>
> > >
> > >
> > >
> > >
> > >
> > > ________________________________
> > > From: Li Yang <ya...@apache.org>
> > > Sent: Friday, November 5, 2021 7:45 PM
> > > To: jatinder.kaur@escalon.services.invalid
> > > <ja...@escalon.services.invalid>
> > > Cc: dev@apisix.apache.org <de...@apisix.apache.org>
> > > Subject: Re: IP Restriction Plugin
> > >
> > > [You don't often get email from yangli@apache.org. Learn why this is
> > > important at http://aka.ms/LearnAboutSenderIdentification.]
> > >
> > > Hi Jatinder,
> > >
> > > You can check the access log and the remote address will show you what
> > > the IP address APISIX got from the request.
> > >
> > > If the IP is what you expect, try debugging this:
> > > 1. See whether there is one or more nodes between the APISIX and your
> > > request client.
> > > 2. Check real_ip_module, it's possible that APISIX thinks the direct
> > > previous hop's IP is the client's IP.
> > >
> > > On Fri, Nov 5, 2021 at 10:06 PM Jatinder Kaur
> > > <ja...@escalon.services.invalid> wrote:
> > > >
> > > > Hi Team,
> > > >
> > > > I am trying IP restriction Plugin I have whitelisted 2 Ips on one
> route
> > > but it says "IP does not allowed"
> > > > when I am hitting the endpoint from servers which is Ip is allowed on
> > > endpoint. How can I debug this issue ? How IP restriction plugin detect
> > the
> > > IPs from the request ?
> > > >
> > > > I am using PHP curl to request the apisix endpoint...
> > > >
> > > > I posted the same on slack but didn't get the answer. Please help me
> on
> > > it.
> > > >
> > > > Thanks
> > > > Jatinder
> > > >
> > > > [https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png
> ]<
> > > http://www.escalon.services>
> > > >
> > > >
> > > > Jatinder Kaur
> > > > Technical Architect, Escalon Services
> > > > www.escalon.services<http://www.escalon.services><<<
> http://www.escalon.services<http://www.escalon.services><<>
> > http://www.escalon.services<http://www.escalon.services><>
> > > http://www.escalon.services<http://www.escalon.services>>
> > > >
> > > > jatinder.kaur@escalon.services <mailto:
> jatinder.kaur@escalon.services>
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> >
>
>
> --
> Thanks,
> Janko
>
--
Thanks,
Janko
Re: IP Restriction Plugin
Posted by Jatinder Kaur <ja...@escalon.services.INVALID>.
Hi,
I am using following parameters in Nginx configuration file.
real_ip_header X-Real-IP;
real_ip_recursive off;
set_real_ip_from <Public IP of NGINX>;
Thanks
Jatinder
[https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<http://www.escalon.services>
Jatinder Kaur
Technical Architect, Escalon Services
www.escalon.services<http://www.escalon.services>
jatinder.kaur@escalon.services <ma...@escalon.services>
________________________________
From: JinChao Shuai <sh...@apache.org>
Sent: Wednesday, November 10, 2021 8:13 AM
To: dev@apisix.apache.org <de...@apisix.apache.org>
Subject: Re: IP Restriction Plugin
Please refer to Yang Li answer, first observe the source IP address through
APISIX access log. If the address is a proxy IP address, set real_ip at the
proxy layer Nginx.
Jatinder Kaur <ja...@escalon.services.invalid> 于2021年11月9日周二
下午10:52写道:
> Thanks for answering.
>
> When I am trying IP:PORT its working fine but when I am using nginx
> reverse proxy it is showing Apisix container IP in access logs and apisix
> does not validate the IP and says "IP does not allowed".
>
> What you suggest I can do further.
>
> Zexuan Luo<https://app.slack.com/team/U01P169M64F> answer did not help
> me. I am not able to understand that
>
> Thanks
>
> [https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<
> http://www.escalon.services>
>
>
> Jatinder Kaur
> Technical Architect, Escalon Services
> www.escalon.services<http://www.escalon.services><http://www.escalon.services<http://www.escalon.services>>
>
> jatinder.kaur@escalon.services <ma...@escalon.services>
>
>
>
>
>
> ________________________________
> From: Zhiyuan Ju <ju...@apache.org>
> Sent: Tuesday, November 9, 2021 11:17 AM
> To: dev@apisix.apache.org <de...@apisix.apache.org>
> Subject: Re: IP Restriction Plugin
>
> Hi,
>
> > I posted the same on slack but didn't get the answer. Please help me on
> it.
>
> I noticed Zexuan Luo has replied you here[1], please take a look :)
>
> [1] https://the-asf.slack.com/archives/CUC5MN17A/p1636165161039100
>
> Best Regards!
> @ Zhiyuan Ju <https://github.com/juzhiyuan>
>
>
> Jatinder Kaur <ja...@escalon.services.invalid> 于2021年11月8日周一
> 下午10:08写道:
>
> > Hi Li Yang,
> >
> > Thanks for answering me.
> >
> > When I am trying IP:PORT its working fine but when I am using nginx
> > reverse proxy it is showing Apisix container IP in access logs and apisix
> > does not validate the IP and says "IP does not allowed".
> >
> > What you suggest I can do further.
> >
> > Thanks
> >
> >
> > [https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<
> > http://www.escalon.services>
> >
> >
> > Jatinder Kaur
> > Technical Architect, Escalon Services
> > www.escalon.services<http://www.escalon.services><<http://www.escalon.services<http://www.escalon.services><>
> http://www.escalon.services<http://www.escalon.services>>
> >
> > jatinder.kaur@escalon.services <ma...@escalon.services>
> >
> >
> >
> >
> >
> > ________________________________
> > From: Li Yang <ya...@apache.org>
> > Sent: Friday, November 5, 2021 7:45 PM
> > To: jatinder.kaur@escalon.services.invalid
> > <ja...@escalon.services.invalid>
> > Cc: dev@apisix.apache.org <de...@apisix.apache.org>
> > Subject: Re: IP Restriction Plugin
> >
> > [You don't often get email from yangli@apache.org. Learn why this is
> > important at http://aka.ms/LearnAboutSenderIdentification.]
> >
> > Hi Jatinder,
> >
> > You can check the access log and the remote address will show you what
> > the IP address APISIX got from the request.
> >
> > If the IP is what you expect, try debugging this:
> > 1. See whether there is one or more nodes between the APISIX and your
> > request client.
> > 2. Check real_ip_module, it's possible that APISIX thinks the direct
> > previous hop's IP is the client's IP.
> >
> > On Fri, Nov 5, 2021 at 10:06 PM Jatinder Kaur
> > <ja...@escalon.services.invalid> wrote:
> > >
> > > Hi Team,
> > >
> > > I am trying IP restriction Plugin I have whitelisted 2 Ips on one route
> > but it says "IP does not allowed"
> > > when I am hitting the endpoint from servers which is Ip is allowed on
> > endpoint. How can I debug this issue ? How IP restriction plugin detect
> the
> > IPs from the request ?
> > >
> > > I am using PHP curl to request the apisix endpoint...
> > >
> > > I posted the same on slack but didn't get the answer. Please help me on
> > it.
> > >
> > > Thanks
> > > Jatinder
> > >
> > > [https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<
> > http://www.escalon.services>
> > >
> > >
> > > Jatinder Kaur
> > > Technical Architect, Escalon Services
> > > www.escalon.services<http://www.escalon.services><<<http://www.escalon.services<http://www.escalon.services><<>
> http://www.escalon.services<http://www.escalon.services><>
> > http://www.escalon.services<http://www.escalon.services>>
> > >
> > > jatinder.kaur@escalon.services <ma...@escalon.services>
> > >
> > >
> > >
> > >
> > >
> >
>
--
Thanks,
Janko
Re: IP Restriction Plugin
Posted by JinChao Shuai <sh...@apache.org>.
Please refer to Yang Li answer, first observe the source IP address through
APISIX access log. If the address is a proxy IP address, set real_ip at the
proxy layer Nginx.
Jatinder Kaur <ja...@escalon.services.invalid> 于2021年11月9日周二
下午10:52写道:
> Thanks for answering.
>
> When I am trying IP:PORT its working fine but when I am using nginx
> reverse proxy it is showing Apisix container IP in access logs and apisix
> does not validate the IP and says "IP does not allowed".
>
> What you suggest I can do further.
>
> Zexuan Luo<https://app.slack.com/team/U01P169M64F> answer did not help
> me. I am not able to understand that
>
> Thanks
>
> [https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<
> http://www.escalon.services>
>
>
> Jatinder Kaur
> Technical Architect, Escalon Services
> www.escalon.services<http://www.escalon.services>
>
> jatinder.kaur@escalon.services <ma...@escalon.services>
>
>
>
>
>
> ________________________________
> From: Zhiyuan Ju <ju...@apache.org>
> Sent: Tuesday, November 9, 2021 11:17 AM
> To: dev@apisix.apache.org <de...@apisix.apache.org>
> Subject: Re: IP Restriction Plugin
>
> Hi,
>
> > I posted the same on slack but didn't get the answer. Please help me on
> it.
>
> I noticed Zexuan Luo has replied you here[1], please take a look :)
>
> [1] https://the-asf.slack.com/archives/CUC5MN17A/p1636165161039100
>
> Best Regards!
> @ Zhiyuan Ju <https://github.com/juzhiyuan>
>
>
> Jatinder Kaur <ja...@escalon.services.invalid> 于2021年11月8日周一
> 下午10:08写道:
>
> > Hi Li Yang,
> >
> > Thanks for answering me.
> >
> > When I am trying IP:PORT its working fine but when I am using nginx
> > reverse proxy it is showing Apisix container IP in access logs and apisix
> > does not validate the IP and says "IP does not allowed".
> >
> > What you suggest I can do further.
> >
> > Thanks
> >
> >
> > [https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<
> > http://www.escalon.services>
> >
> >
> > Jatinder Kaur
> > Technical Architect, Escalon Services
> > www.escalon.services<http://www.escalon.services><
> http://www.escalon.services<http://www.escalon.services>>
> >
> > jatinder.kaur@escalon.services <ma...@escalon.services>
> >
> >
> >
> >
> >
> > ________________________________
> > From: Li Yang <ya...@apache.org>
> > Sent: Friday, November 5, 2021 7:45 PM
> > To: jatinder.kaur@escalon.services.invalid
> > <ja...@escalon.services.invalid>
> > Cc: dev@apisix.apache.org <de...@apisix.apache.org>
> > Subject: Re: IP Restriction Plugin
> >
> > [You don't often get email from yangli@apache.org. Learn why this is
> > important at http://aka.ms/LearnAboutSenderIdentification.]
> >
> > Hi Jatinder,
> >
> > You can check the access log and the remote address will show you what
> > the IP address APISIX got from the request.
> >
> > If the IP is what you expect, try debugging this:
> > 1. See whether there is one or more nodes between the APISIX and your
> > request client.
> > 2. Check real_ip_module, it's possible that APISIX thinks the direct
> > previous hop's IP is the client's IP.
> >
> > On Fri, Nov 5, 2021 at 10:06 PM Jatinder Kaur
> > <ja...@escalon.services.invalid> wrote:
> > >
> > > Hi Team,
> > >
> > > I am trying IP restriction Plugin I have whitelisted 2 Ips on one route
> > but it says "IP does not allowed"
> > > when I am hitting the endpoint from servers which is Ip is allowed on
> > endpoint. How can I debug this issue ? How IP restriction plugin detect
> the
> > IPs from the request ?
> > >
> > > I am using PHP curl to request the apisix endpoint...
> > >
> > > I posted the same on slack but didn't get the answer. Please help me on
> > it.
> > >
> > > Thanks
> > > Jatinder
> > >
> > > [https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<
> > http://www.escalon.services>
> > >
> > >
> > > Jatinder Kaur
> > > Technical Architect, Escalon Services
> > > www.escalon.services<http://www.escalon.services><<
> http://www.escalon.services<http://www.escalon.services><>
> > http://www.escalon.services<http://www.escalon.services>>
> > >
> > > jatinder.kaur@escalon.services <ma...@escalon.services>
> > >
> > >
> > >
> > >
> > >
> >
>
--
Thanks,
Janko
Re: IP Restriction Plugin
Posted by Jatinder Kaur <ja...@escalon.services.INVALID>.
Thanks for answering.
When I am trying IP:PORT its working fine but when I am using nginx
reverse proxy it is showing Apisix container IP in access logs and apisix
does not validate the IP and says "IP does not allowed".
What you suggest I can do further.
Zexuan Luo<https://app.slack.com/team/U01P169M64F> answer did not help me. I am not able to understand that
Thanks
[https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<http://www.escalon.services>
Jatinder Kaur
Technical Architect, Escalon Services
www.escalon.services<http://www.escalon.services>
jatinder.kaur@escalon.services <ma...@escalon.services>
________________________________
From: Zhiyuan Ju <ju...@apache.org>
Sent: Tuesday, November 9, 2021 11:17 AM
To: dev@apisix.apache.org <de...@apisix.apache.org>
Subject: Re: IP Restriction Plugin
Hi,
> I posted the same on slack but didn't get the answer. Please help me on
it.
I noticed Zexuan Luo has replied you here[1], please take a look :)
[1] https://the-asf.slack.com/archives/CUC5MN17A/p1636165161039100
Best Regards!
@ Zhiyuan Ju <https://github.com/juzhiyuan>
Jatinder Kaur <ja...@escalon.services.invalid> 于2021年11月8日周一
下午10:08写道:
> Hi Li Yang,
>
> Thanks for answering me.
>
> When I am trying IP:PORT its working fine but when I am using nginx
> reverse proxy it is showing Apisix container IP in access logs and apisix
> does not validate the IP and says "IP does not allowed".
>
> What you suggest I can do further.
>
> Thanks
>
>
> [https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<
> http://www.escalon.services>
>
>
> Jatinder Kaur
> Technical Architect, Escalon Services
> www.escalon.services<http://www.escalon.services><http://www.escalon.services<http://www.escalon.services>>
>
> jatinder.kaur@escalon.services <ma...@escalon.services>
>
>
>
>
>
> ________________________________
> From: Li Yang <ya...@apache.org>
> Sent: Friday, November 5, 2021 7:45 PM
> To: jatinder.kaur@escalon.services.invalid
> <ja...@escalon.services.invalid>
> Cc: dev@apisix.apache.org <de...@apisix.apache.org>
> Subject: Re: IP Restriction Plugin
>
> [You don't often get email from yangli@apache.org. Learn why this is
> important at http://aka.ms/LearnAboutSenderIdentification.]
>
> Hi Jatinder,
>
> You can check the access log and the remote address will show you what
> the IP address APISIX got from the request.
>
> If the IP is what you expect, try debugging this:
> 1. See whether there is one or more nodes between the APISIX and your
> request client.
> 2. Check real_ip_module, it's possible that APISIX thinks the direct
> previous hop's IP is the client's IP.
>
> On Fri, Nov 5, 2021 at 10:06 PM Jatinder Kaur
> <ja...@escalon.services.invalid> wrote:
> >
> > Hi Team,
> >
> > I am trying IP restriction Plugin I have whitelisted 2 Ips on one route
> but it says "IP does not allowed"
> > when I am hitting the endpoint from servers which is Ip is allowed on
> endpoint. How can I debug this issue ? How IP restriction plugin detect the
> IPs from the request ?
> >
> > I am using PHP curl to request the apisix endpoint...
> >
> > I posted the same on slack but didn't get the answer. Please help me on
> it.
> >
> > Thanks
> > Jatinder
> >
> > [https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<
> http://www.escalon.services>
> >
> >
> > Jatinder Kaur
> > Technical Architect, Escalon Services
> > www.escalon.services<http://www.escalon.services><<http://www.escalon.services<http://www.escalon.services><>
> http://www.escalon.services<http://www.escalon.services>>
> >
> > jatinder.kaur@escalon.services <ma...@escalon.services>
> >
> >
> >
> >
> >
>
Re: IP Restriction Plugin
Posted by Zhiyuan Ju <ju...@apache.org>.
Hi,
> I posted the same on slack but didn't get the answer. Please help me on
it.
I noticed Zexuan Luo has replied you here[1], please take a look :)
[1] https://the-asf.slack.com/archives/CUC5MN17A/p1636165161039100
Best Regards!
@ Zhiyuan Ju <https://github.com/juzhiyuan>
Jatinder Kaur <ja...@escalon.services.invalid> 于2021年11月8日周一
下午10:08写道:
> Hi Li Yang,
>
> Thanks for answering me.
>
> When I am trying IP:PORT its working fine but when I am using nginx
> reverse proxy it is showing Apisix container IP in access logs and apisix
> does not validate the IP and says "IP does not allowed".
>
> What you suggest I can do further.
>
> Thanks
>
>
> [https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<
> http://www.escalon.services>
>
>
> Jatinder Kaur
> Technical Architect, Escalon Services
> www.escalon.services<http://www.escalon.services>
>
> jatinder.kaur@escalon.services <ma...@escalon.services>
>
>
>
>
>
> ________________________________
> From: Li Yang <ya...@apache.org>
> Sent: Friday, November 5, 2021 7:45 PM
> To: jatinder.kaur@escalon.services.invalid
> <ja...@escalon.services.invalid>
> Cc: dev@apisix.apache.org <de...@apisix.apache.org>
> Subject: Re: IP Restriction Plugin
>
> [You don't often get email from yangli@apache.org. Learn why this is
> important at http://aka.ms/LearnAboutSenderIdentification.]
>
> Hi Jatinder,
>
> You can check the access log and the remote address will show you what
> the IP address APISIX got from the request.
>
> If the IP is what you expect, try debugging this:
> 1. See whether there is one or more nodes between the APISIX and your
> request client.
> 2. Check real_ip_module, it's possible that APISIX thinks the direct
> previous hop's IP is the client's IP.
>
> On Fri, Nov 5, 2021 at 10:06 PM Jatinder Kaur
> <ja...@escalon.services.invalid> wrote:
> >
> > Hi Team,
> >
> > I am trying IP restriction Plugin I have whitelisted 2 Ips on one route
> but it says "IP does not allowed"
> > when I am hitting the endpoint from servers which is Ip is allowed on
> endpoint. How can I debug this issue ? How IP restriction plugin detect the
> IPs from the request ?
> >
> > I am using PHP curl to request the apisix endpoint...
> >
> > I posted the same on slack but didn't get the answer. Please help me on
> it.
> >
> > Thanks
> > Jatinder
> >
> > [https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<
> http://www.escalon.services>
> >
> >
> > Jatinder Kaur
> > Technical Architect, Escalon Services
> > www.escalon.services<http://www.escalon.services><
> http://www.escalon.services<http://www.escalon.services>>
> >
> > jatinder.kaur@escalon.services <ma...@escalon.services>
> >
> >
> >
> >
> >
>
Re: IP Restriction Plugin
Posted by Jatinder Kaur <ja...@escalon.services.INVALID>.
Hi Li Yang,
Thanks for answering me.
When I am trying IP:PORT its working fine but when I am using nginx reverse proxy it is showing Apisix container IP in access logs and apisix does not validate the IP and says "IP does not allowed".
What you suggest I can do further.
Thanks
[https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<http://www.escalon.services>
Jatinder Kaur
Technical Architect, Escalon Services
www.escalon.services<http://www.escalon.services>
jatinder.kaur@escalon.services <ma...@escalon.services>
________________________________
From: Li Yang <ya...@apache.org>
Sent: Friday, November 5, 2021 7:45 PM
To: jatinder.kaur@escalon.services.invalid <ja...@escalon.services.invalid>
Cc: dev@apisix.apache.org <de...@apisix.apache.org>
Subject: Re: IP Restriction Plugin
[You don't often get email from yangli@apache.org. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification.]
Hi Jatinder,
You can check the access log and the remote address will show you what
the IP address APISIX got from the request.
If the IP is what you expect, try debugging this:
1. See whether there is one or more nodes between the APISIX and your
request client.
2. Check real_ip_module, it's possible that APISIX thinks the direct
previous hop's IP is the client's IP.
On Fri, Nov 5, 2021 at 10:06 PM Jatinder Kaur
<ja...@escalon.services.invalid> wrote:
>
> Hi Team,
>
> I am trying IP restriction Plugin I have whitelisted 2 Ips on one route but it says "IP does not allowed"
> when I am hitting the endpoint from servers which is Ip is allowed on endpoint. How can I debug this issue ? How IP restriction plugin detect the IPs from the request ?
>
> I am using PHP curl to request the apisix endpoint...
>
> I posted the same on slack but didn't get the answer. Please help me on it.
>
> Thanks
> Jatinder
>
> [https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<http://www.escalon.services>
>
>
> Jatinder Kaur
> Technical Architect, Escalon Services
> www.escalon.services<http://www.escalon.services><http://www.escalon.services<http://www.escalon.services>>
>
> jatinder.kaur@escalon.services <ma...@escalon.services>
>
>
>
>
>
Re: IP Restriction Plugin
Posted by Li Yang <ya...@apache.org>.
Hi Jatinder,
You can check the access log and the remote address will show you what
the IP address APISIX got from the request.
If the IP is what you expect, try debugging this:
1. See whether there is one or more nodes between the APISIX and your
request client.
2. Check real_ip_module, it's possible that APISIX thinks the direct
previous hop's IP is the client's IP.
On Fri, Nov 5, 2021 at 10:06 PM Jatinder Kaur
<ja...@escalon.services.invalid> wrote:
>
> Hi Team,
>
> I am trying IP restriction Plugin I have whitelisted 2 Ips on one route but it says "IP does not allowed"
> when I am hitting the endpoint from servers which is Ip is allowed on endpoint. How can I debug this issue ? How IP restriction plugin detect the IPs from the request ?
>
> I am using PHP curl to request the apisix endpoint...
>
> I posted the same on slack but didn't get the answer. Please help me on it.
>
> Thanks
> Jatinder
>
> [https://d3ilhdmygrlpl2.cloudfront.net/images/signature/ebs-logo.png]<http://www.escalon.services>
>
>
> Jatinder Kaur
> Technical Architect, Escalon Services
> www.escalon.services<http://www.escalon.services>
>
> jatinder.kaur@escalon.services <ma...@escalon.services>
>
>
>
>
>