thor533 commented on issue #9239:
URL: https://github.com/apache/apisix/issues/9239#issuecomment-1508087659
> > > > > > >
> > > > > >
> > > > > >
> > > > > > Is this an apisix bug or a configuration problem?
> > > > >
> > > > >
> > > > > maybe this is a feature.
> > > > > Because the core logic of the two plug-ins works in different
phase of nginx's http request processing, while ip_restriction is in the
`access` phase, and basic-auth is in the`rewrite` phase.
> > > > > The rewrite phase is processed before the access phase.
> > > > > We plan to remove ambiguity about priorities by updating the
documentation.
> > > >
> > > >
> > > > Okey, i think the ip-restriction should excute first,it should have
the highest priority! thank you reply !
> > >
> > >
> > > yep, we will think twice for how to remove ambiguity
> >
> >
> > My final question is, is there a way to get ip-restriction to execute
first, do you need a custom plugin or something, i am looking forward to your
reply !
>
> only for poc
>
> ```
> ubuntu@ip-172-31-36-124:~/apisix$ git diff
> diff --git a/apisix/plugins/ip-restriction.lua
b/apisix/plugins/ip-restriction.lua
> index b499f2dd..9c40bfdd 100644
> --- a/apisix/plugins/ip-restriction.lua
> +++ b/apisix/plugins/ip-restriction.lua
> @@ -20,7 +20,7 @@ local base =
require("apisix.plugins.ip-restriction.init")
>
> -- avoid unexpected data sharing
> local ip_restriction = core.table.clone(base)
> -ip_restriction.access = base.restrict
> +ip_restriction.rewrite = base.restrict
> ```
>
> ```
> ubuntu@ip-172-31-36-124:~/apisix$ curl
http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY:
edd1c9f034335f136f87ad84b625c8f1' -X PUT -d @../meta-router.json
>
{"key":"/apisix/routes/1","value":{"id":"1","name":"检查测试","upstream":{"type":"roundrobin","hash_on":"vars","pass_host":"pass","nodes":[{"weight":1,"port":80,"host":"httpbin.org","priority":0}],"scheme":"http"},"methods":["GET"],"create_time":1681438174,"plugins":{"ip-restriction":{"blacklist":["127.0.0.1"],"_meta":{"priority":99999},"message":"Your
IP address is not
allowed"},"basic-auth":{"username":"foo","hide_credentials":false,"password":"bar"}},"priority":1,"uri":"/xubin/","status":1,"update_time":1681455913}}
> ubuntu@ip-172-31-36-124:~/apisix$ curl http://localhost:9080/xubin/ -i
--interface 127.0.0.1
> HTTP/1.1 403 Forbidden
> Date: Fri, 14 Apr 2023 07:05:15 GMT
> Content-Type: text/plain; charset=utf-8
> Transfer-Encoding: chunked
> Connection: keep-alive
> Server: APISIX/3.2.0
>
> {"message":"Your IP address is not allowed"}
> ```
okey,best wish,thanks!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
