Hi, is there a way to tie a customer to a specific IP, without any authentication inside Kong?
Use-case is to apply specific rate-limiting to specific IPs like Kong rate limit whitelist IPs or even Ip-Restrictions on Consumers, minus the authentication, while having a default per-IP rate-limit for all the other IPs (
limit_by: ip) on the Service. The proxified app is doing authentication by itself. This is not quite exactly as Consumer identification without authorization.
What I tried so far is creating a Consumer
staging_app_client, limit it to an IP and set the rate-limit plugin to the
staging_app_client Consumer like this:
# add staging_app_client consumer curl -i -X POST http://kong:8001/consumers/ --data "username=staging_app_client" # limit this consumer to IP 220.127.116.11 curl -X POST http://kong:8001/consumers/staging_app_client/plugins --data "name=ip-restriction" --data "config.whitelist=18.104.22.168" # rate-limit the consumer curl -X POST http://kong:8001/consumers/staging_app_client/plugins --data "name=rate-limiting" --data "config.day=1000" --data "config.hour=100"
But when initiating requests from this IP
22.214.171.124 to the Kong gateway, we still see the global (for the Service) per-IP rate-limit being applied in the
Also I was not able to find how to tie this Consumer to a specific Service, as we plan in the future to have more than 1 service behind Kong.
Is it impossible to achieve this?