title | keywords | description | ||||
---|---|---|---|---|---|---|
ip-restriction |
|
This document contains information about the Apache APISIX ip-restriction Plugin. |
The ip-restriction
Plugin allows you to restrict access to a Service or a Route by either whitelisting or blacklisting IP addresses.
Single IPs, multiple IPs or even IP ranges in CIDR notation like 10.10.10.0/24
can be used.
Name | Type | Required | Default | Valid values | Description |
---|---|---|---|---|---|
whitelist | array[string] | False | List of IPs or CIDR ranges to whitelist. | ||
blacklist | array[string] | False | List of IPs or CIDR ranges to blacklist. | ||
message | string | False | Your IP address is not allowed. | [1, 1024] | Message returned when the IP address is not allowed access. |
:::note
Either one of whitelist
or blacklist
attribute must be specified. They cannot be used together.
:::
You can enable the Plugin on a Route or a Service as shown below:
curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"uri": "/index.html",
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:1980": 1
}
},
"plugins": {
"ip-restriction": {
"whitelist": [
"127.0.0.1",
"113.74.26.106/24"
]
}
}
}'
To return a custom message when an IP address is not allowed access, configure it in the Plugin as shown below:
"plugins": {
"ip-restriction": {
"whitelist": [
"127.0.0.1",
"113.74.26.106/24"
],
"message": "Do you want to do something bad?"
}
}
After you have configured the Plugin as shown above, when you make a request from the IP 127.0.0.1
:
curl http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
But if you make requests from 127.0.0.2
:
curl http://127.0.0.1:9080/index.html -i --interface 127.0.0.2
HTTP/1.1 403 Forbidden
...
{"message":"Your IP address is not allowed"}
To change the whitelisted/blacklisted IPs, you can update the Plugin configuration. The changes are hot reloaded and there is no need to restart the service.
curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"uri": "/index.html",
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:1980": 1
}
},
"plugins": {
"ip-restriction": {
"whitelist": [
"127.0.0.2",
"113.74.26.106/24"
]
}
}
}'
To disable the ip-restriction
Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.
curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"uri": "/index.html",
"plugins": {},
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:1980": 1
}
}
}'
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。