[GitHub] [apisix] kingmouse-yx opened a new issue #6537: bug: The function of ip-restriction is contrary

[GitBox]

kingmouse-yx opened a new issue #6537:
URL: https://github.com/apache/apisix/issues/6537


   ### Issue description
   
   when I test the white list, the routing configuration information is as 
follows 
   ```json
   {
     "uri": "/mock/521171/aa",
     "name": "API-test",
     "methods": [
       "POST"
     ],
     "plugins": {
       "ip-restriction": {
         "disable": false,
         "whitelist": [
           "127.0.0.1"
         ]
       }
     },
     "upstream_id": "396931816625275591",
     "labels": {
       "demo": "demo1"
     },
     "status": 1
   }
   ```
   At this point, I hope 127.0.0.1 can pass. But the actual return result is as 
follows.
   ```json
   {"message":"Your IP address is not allowed"}
   ```
   when I test the black list, the routing configuration information is as 
follows 
   ```json
   {
     "uri": "/mock/521171/aa",
     "name": "API-test",
     "methods": [
       "POST"
     ],
     "plugins": {
       "ip-restriction": {
         "blacklist": [
           "127.0.0.1"
         ],
         "disable": false
       }
     },
     "upstream_id": "396931816625275591",
     "labels": {
       "demo": "demo1"
     },
     "status": 1
   }
   ```
   At this point, I don't want 127.0.0.1 to pass. But the actual return result 
is as follows.
   ```json
   {
       "tag": {
           "certStatus": "1",
           "certTp": "01"
       },
       "data": {
           "a_name": "xxx",
           "a_age": "29"
       },
       "certId": "341126197709218366",
       "userid": "xxxxxxxxxxxx01",
       "realname": "test",
       "caseId": "11111111999999990000009909"
   }
   ```
   This is completely contrary to my expectation
   
   ### Environment
   
   - apisix version (cmd: `apisix version`): 2.12.1
   - OS (cmd: `uname -a`): Linux node-15 3.10.0-862.51.1.el7.x86_64 #1 SMP Sun 
Sep 27 11:41:03 CST 2020 x86_64 x86_64 x86_64 GNU/Linux
   - OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`): 
openresty/1.19.3.1
   - etcd version, if have (cmd: run `curl 
http://127.0.0.1:9090/v1/server_info` to get the info from server-info API): 
3.4.0
   - apisix-dashboard version, if have: 2.10.1
   - the plugin runner version, if the issue is about a plugin runner (cmd: 
depended on the kind of runner):
   - luarocks version, if the issue is about installation (cmd: `luarocks 
--version`):
   
   ### Steps to reproduce
   
   1.add upstream
   2.add route, setting ip-restriction with whitelist or blacklist
   3.access with apisix
   4.Or use following cmd and access the service
   
   ### Actual result
   
   1. The whitelist cannot be passed
   2. The blacklist can be passed
   
   ### Error log
   
   2022/03/08 02:10:02 [warn] 43#43: *160645 [lua] plugin.lua:658: 
run_plugin(): ip-restriction exits with http status code 403, client: 
172.18.0.1, server: _, request: "POST /mock/521171/aa HTTP/1.1", host: 
"127.0.0.1:9080"
   
   ### Expected result
   
   1. The blacklist cannot be passed
   2. The whitelist can be passed


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org