Yilialinn commented on code in PR #11925: URL: https://github.com/apache/apisix/pull/11925#discussion_r2000523515
########## docs/en/latest/plugins/ip-restriction.md: ########## @@ -61,103 +64,90 @@ admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"/ ::: -```shell -curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X PUT -d ' -{ - "uri": "/index.html", - "upstream": { - "type": "roundrobin", - "nodes": { - "127.0.0.1:1980": 1 - } - }, - "plugins": { - "ip-restriction": { - "whitelist": [ - "127.0.0.1", - "113.74.26.106/24" - ] - } - } -}' -``` +### Restrict Access by Whitelisting -To return a custom message when an IP address is not allowed access, configure it in the Plugin as shown below: +The following example demonstrates how you can whitelist a list of IP addresses that should have access to the upstream resource and customize the error message for access denial. -```json -"plugins": { - "ip-restriction": { +Create a Route with the `ip-restriction` Plugin to whitelist a range of IPs and customize the error message when the access is denied: + +```shell +curl "http://127.0.0.1:9180/apisix/admin/routes"; -X PUT \ + -H "X-API-KEY: ${ADMIN_API_KEY}" \ + -d '{ + "id": "ip-restriction-route", + "uri": "/anything", + "plugins": { + "ip-restriction": { "whitelist": [ - "127.0.0.1", - "113.74.26.106/24" + "192.168.0.1/24" ], - "message": "Do you want to do something bad?" + "message": "Access denied" + } + }, + "upstream": { + "type": "roundrobin", + "nodes": { + "httpbin.org:80": 1 + } } -} + }' ``` -## Example usage - -After you have configured the Plugin as shown above, when you make a request from the IP `127.0.0.1`: - -```shell -curl http://127.0.0.1:9080/index.html -i -``` +Send a request to the route: Review Comment: ```suggestion Send a request to the Route: ``` ########## docs/en/latest/plugins/ip-restriction.md: ########## @@ -61,103 +64,90 @@ admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"/ ::: -```shell -curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X PUT -d ' -{ - "uri": "/index.html", - "upstream": { - "type": "roundrobin", - "nodes": { - "127.0.0.1:1980": 1 - } - }, - "plugins": { - "ip-restriction": { - "whitelist": [ - "127.0.0.1", - "113.74.26.106/24" - ] - } - } -}' -``` +### Restrict Access by Whitelisting -To return a custom message when an IP address is not allowed access, configure it in the Plugin as shown below: +The following example demonstrates how you can whitelist a list of IP addresses that should have access to the upstream resource and customize the error message for access denial. -```json -"plugins": { - "ip-restriction": { +Create a Route with the `ip-restriction` Plugin to whitelist a range of IPs and customize the error message when the access is denied: + +```shell +curl "http://127.0.0.1:9180/apisix/admin/routes"; -X PUT \ + -H "X-API-KEY: ${ADMIN_API_KEY}" \ Review Comment: ```suggestion -H "X-API-KEY: ${admin_key}" \ ``` ########## docs/en/latest/plugins/ip-restriction.md: ########## @@ -61,103 +64,90 @@ admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"/ ::: -```shell -curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X PUT -d ' -{ - "uri": "/index.html", - "upstream": { - "type": "roundrobin", - "nodes": { - "127.0.0.1:1980": 1 - } - }, - "plugins": { - "ip-restriction": { - "whitelist": [ - "127.0.0.1", - "113.74.26.106/24" - ] - } - } -}' -``` +### Restrict Access by Whitelisting -To return a custom message when an IP address is not allowed access, configure it in the Plugin as shown below: +The following example demonstrates how you can whitelist a list of IP addresses that should have access to the upstream resource and customize the error message for access denial. -```json -"plugins": { - "ip-restriction": { +Create a Route with the `ip-restriction` Plugin to whitelist a range of IPs and customize the error message when the access is denied: + +```shell +curl "http://127.0.0.1:9180/apisix/admin/routes"; -X PUT \ + -H "X-API-KEY: ${ADMIN_API_KEY}" \ + -d '{ + "id": "ip-restriction-route", + "uri": "/anything", + "plugins": { + "ip-restriction": { "whitelist": [ - "127.0.0.1", - "113.74.26.106/24" + "192.168.0.1/24" ], - "message": "Do you want to do something bad?" + "message": "Access denied" + } + }, + "upstream": { + "type": "roundrobin", + "nodes": { + "httpbin.org:80": 1 + } } -} + }' ``` -## Example usage - -After you have configured the Plugin as shown above, when you make a request from the IP `127.0.0.1`: - -```shell -curl http://127.0.0.1:9080/index.html -i -``` +Send a request to the route: ```shell -HTTP/1.1 200 OK -... +curl -i "http://127.0.0.1:9080/anything"; ``` -But if you make requests from `127.0.0.2`: +If your IP is allowed, you should receive an `HTTP/1.1 200 OK` response. If not, you should receive an `HTTP/1.1 403 Forbidden` response with the following error message: -```shell -curl http://127.0.0.1:9080/index.html -i --interface 127.0.0.2 +```text +{"message":"Access denied"} ``` -``` -HTTP/1.1 403 Forbidden -... -{"message":"Your IP address is not allowed"} -``` +### Restrict Access Using Modified IP + +The following example demonstrates how you can modify the IP used for IP restriction, using the `real-ip` plugin. This is particularly useful if APISIX is behind a reverse proxy and the real client IP is not available to APISIX. -To change the whitelisted/blacklisted IPs, you can update the Plugin configuration. The changes are hot reloaded and there is no need to restart the service. +Create a Route with the `ip-restriction` Plugin to whitelist a specific IP address and obtain client IP address from the URL parameter `realip`: ```shell -curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X PUT -d ' -{ - "uri": "/index.html", - "upstream": { - "type": "roundrobin", - "nodes": { - "127.0.0.1:1980": 1 - } - }, +curl "http://127.0.0.1:9180/apisix/admin/routes"; -X PUT \ + -H "X-API-KEY: ${ADMIN_API_KEY}" \ + -d '{ + "id": "ip-restriction-route", + "uri": "/anything", "plugins": { - "ip-restriction": { - "whitelist": [ - "127.0.0.2", - "113.74.26.106/24" - ] - } + "ip-restriction": { + "whitelist": [ + "192.168.1.241" + ] + }, + "real-ip": { + "source": "arg_realip" + } + }, + "upstream": { + "type": "roundrobin", + "nodes": { + "httpbin.org:80": 1 + } } -}' + }' +``` + +Send a request to the route: Review Comment: ```suggestion Send a request to the Route: ``` ########## docs/en/latest/plugins/ip-restriction.md: ########## @@ -61,103 +64,90 @@ admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"/ ::: -```shell -curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X PUT -d ' -{ - "uri": "/index.html", - "upstream": { - "type": "roundrobin", - "nodes": { - "127.0.0.1:1980": 1 - } - }, - "plugins": { - "ip-restriction": { - "whitelist": [ - "127.0.0.1", - "113.74.26.106/24" - ] - } - } -}' -``` +### Restrict Access by Whitelisting -To return a custom message when an IP address is not allowed access, configure it in the Plugin as shown below: +The following example demonstrates how you can whitelist a list of IP addresses that should have access to the upstream resource and customize the error message for access denial. -```json -"plugins": { - "ip-restriction": { +Create a Route with the `ip-restriction` Plugin to whitelist a range of IPs and customize the error message when the access is denied: + +```shell +curl "http://127.0.0.1:9180/apisix/admin/routes"; -X PUT \ + -H "X-API-KEY: ${ADMIN_API_KEY}" \ Review Comment: Check accordingly -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
