You can clone with
Cannot retrieve contributors at this time
== link:index.html[Index] -> link:cookbook.html[Cookbook]Cookbook: Restricting traffic by IP-----------------------------------This section answers some general questions regarding the currentbehavior of several parts of Cherokee that might lead tomissunderstandings.Some scenarios require web traffic to be restricted on a virtualserver basd on incoming IP. Although an IP/Subnet host match type ispresent on the `Host Match` tab of virtual servers, this can't be usedas a security measure to enforce traffic restrictions. Its mainpurpose is explained elsewhere in the documentation, and suffice it tosay that if this method were to be used, it could be easily overcomed byforging the `Host` header.If you want to restrict the traffic of one of your virtual serversbased on the incoming IP, the best way to go is setting a non-finalrule on top of your behavior rule list of the virtual server. Thatrule should match the forbidden IPs with an `Incoming IP/Port`-typerule (such as `(NOT Incoming IP: 127.0.0.1/8)`), and could be handledby custom error handler, or an appropriate redirection.