How to identify Consumer from its IP?

Hi, is there a way to tie a customer to a specific IP, without any authentication inside Kong?

Use-case is to apply specific rate-limiting to specific IPs like Kong rate limit whitelist IPs or even Ip-Restrictions on Consumers, minus the authentication, while having a default per-IP rate-limit for all the other IPs (limit_by: ip) on the Service. The proxified app is doing authentication by itself. This is not quite exactly as Consumer identification without authorization.

What I tried so far is creating a Consumer staging_app_client, limit it to an IP and set the rate-limit plugin to the staging_app_client Consumer like this:

# add staging_app_client consumer
curl -i -X POST http://kong:8001/consumers/ --data "username=staging_app_client"
# limit this consumer to IP 8.8.8.8        
curl -X POST http://kong:8001/consumers/staging_app_client/plugins --data "name=ip-restriction" --data "config.whitelist=8.8.8.8"
# rate-limit the consumer               
curl -X POST http://kong:8001/consumers/staging_app_client/plugins --data "name=rate-limiting" --data "config.day=1000" --data "config.hour=100"

But when initiating requests from this IP 8.8.8.8 to the Kong gateway, we still see the global (for the Service) per-IP rate-limit being applied in the X-RateLimit-Limit-* headers.
Also I was not able to find how to tie this Consumer to a specific Service, as we plan in the future to have more than 1 service behind Kong.

Is it impossible to achieve this?

FTR, we had to switch to key based authentication https://docs.konghq.com/hub/kong-inc/key-auth/


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ