sina-devel commented on issue #12704: URL: https://github.com/apache/apisix/issues/12704#issuecomment-3454380811
> > The resulting plugin execution order depends on the creation timestamp of each global rule, not the order defined in the APISIX Documentation. > > Hi [@sina-devel](https://github.com/sina-devel), how did you come to this conclusion? You can check the access log of apisix to see if the correct IP address is passed. Hi @Baoyuantop, I verified this using the APISIX access logs. When the issue happens, the `ip-restriction` plugin receives the CDN edge IP as the client address and blocks the request (returns 403). If I temporarily add the CDN edge IP range to the whitelist, the request passes through `ip-restriction`, and then the `real-ip` plugin runs — after that point, the access log shows the correct client IP from `X-Real-IP`. So the behavior confirms that: ``` ip-restriction -> real-ip ``` is the actual execution order, instead of: ``` real-ip -> ip-restriction ``` After deleting and reapplying the same `ApisixGlobalRule`, the order becomes correct again. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
