You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/12/27 01:34:07 UTC

[GitHub] [apisix] lee-x-zh opened a new issue, #8571: help request: Is there any way to restrict client access by x-forward-for ?

lee-x-zh opened a new issue, #8571:
URL: https://github.com/apache/apisix/issues/8571

   ### Description
   
   For some reasons, we deployed Apisix behind NG.
   Now We want to only grant route acesss to a specific group of public IPs。
   We tried IP_RESTRICTION plugin, It seemed to only accept the front NG IP。
   So, Is there any way to restrict client ip by X-Forward-For head ?
   
   ### Environment
   
   - APISIX version (run `apisix version`):
   - Operating system (run `uname -a`):
   - OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
   - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):
   - APISIX Dashboard version, if relevant:
   - Plugin runner version, for issues related to plugin runners:
   - LuaRocks version, for installation issues (run `luarocks --version`):
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] mscb402 commented on issue #8571: help request: Is there any way to restrict client access by x-forward-for ?

Posted by GitBox <gi...@apache.org>.

mscb402 commented on issue #8571:
URL: https://github.com/apache/apisix/issues/8571#issuecomment-1366301479

   There is a example
   ```
   curl http://127.0.0.1:9180/apisix/admin/routes/1 \
   -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   {
       "uri": "/index.html",
       "plugins": {
           "traffic-split": {
               "rules": [
                   {
                       "match": [
                           {
                               "vars": [
                                   ["proxy_add_x_forwarded_for",{"127.0.0.1", "192.168.0.0/16"}]
                               ]
                           }
                       ],
                       "weighted_upstreams": [
                           {
                               "upstream": {
                                   "name": "upstream_A",
                                   "type": "roundrobin",
                                   "nodes": {
                                       "127.0.0.1:1981":10
                                   }
                               },
                               "weight": 3
                           },
                           {
                               "weight": 2
                           }
                       ]
                   }
               ]
           }
       },
       "upstream": {
               "type": "roundrobin",
               "nodes": {
                   "127.0.0.1:1980": 1
               }
       }
   }'```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] mscb402 commented on issue #8571: help request: Is there any way to restrict client access by x-forward-for ?

Posted by GitBox <gi...@apache.org>.

mscb402 commented on issue #8571:
URL: https://github.com/apache/apisix/issues/8571#issuecomment-1366300184

   You can try traffic-split plugin. https://apisix.apache.org/zh/docs/apisix/plugins/traffic-split/


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] lee-x-zh closed issue #8571: help request: Is there any way to restrict client access by x-forward-for ?

Posted by "lee-x-zh (via GitHub)" <gi...@apache.org>.

lee-x-zh closed issue #8571: help request: Is there any way to restrict client access by x-forward-for ?
URL: https://github.com/apache/apisix/issues/8571


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] shreemaan-abhishek commented on issue #8571: help request: Is there any way to restrict client access by x-forward-for ?

Posted by "shreemaan-abhishek (via GitHub)" <gi...@apache.org>.

shreemaan-abhishek commented on issue #8571:
URL: https://github.com/apache/apisix/issues/8571#issuecomment-1708147012

   @lee-x-zh, do you have any further questions/updates? If not, please close the issue. Thanks.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org