The ip-restriction can restrict access to a Service or a Route by either
whitelisting or blacklisting IP addresses. Single IPs, multiple IPs or ranges
in CIDR notation like 10.10.10.0/24 can be used.
| Name | Type | Requirement | Valid | Description |
|---|---|---|---|---|
| whitelist | array[string] | optional | List of IPs or CIDR ranges to whitelist. | |
| blacklist | array[string] | optional | List of IPs or CIDR ranges to blacklist. |
One of whitelist or blacklist must be specified, and they can not work together.
Creates a route or service object, and enable plugin ip-restriction.
- match:
prefix: "/bar"
route:
cluster: web_service
typed_per_filter_config:
envoy.filters.http.lua:
"@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute
name: entry.lua
metadata:
filter_metadata:
envoy.filters.http.lua:
plugins:
- name: ip-restriction
conf:
whitelist:
- 127.0.0.1
- 113.74.26.106/24Requests from 127.0.0.1:
$ curl http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...Requests from 127.0.0.2:
$ curl http://127.0.0.1:9080/index.html -i --interface 127.0.0.2
HTTP/1.1 403 Forbidden
...
{"message":"Your IP address is not allowed"}When you want to disable the ip-restriction plugin, it is very simple,
you can delete the corresponding yaml configuration in the route metadata.