IP Restriction for gRPC

Hello,
We are looking for a way to lock down gRPC calls by IP address for a proof of concept. It looks like it’s not currently supported in the plugin. Does anyone have a suggestion for what to try next?

Ideally, we don’t want to create a custom plugin.

Any advice would be amazing.

Hi @cody.taylor,

Welcome to Kong Nation - and thanks for posting your question!

A good place to start is kong.response.exit. As this method handles the logic to forbid a given request, and gRPC has its own pre-defined statuses, you will need to adapt said method to respond with the appropriate gRPC status and message.

The method’s current implementation already handles this conversion to some extent, so it’s worth trying out the plugin as it currently stands and seeing how it behaves.

This will be helpful: https://github.com/grpc/grpc/blob/master/doc/statuscodes.md.

Also, CC’ing @bungle, as he’s done some great work in refactoring kong.response.exit to be more gRPC-friendly.

Please do share your progress and we will be here to help.

Thanks for your reply!

We tried out the IP restriction plugin again and it does appear to actually work for gRPC. We then ran into the problem where it was behind a global load balancer and it only ever got the load balancer’s IP…

So we implemented basic auth for gRPC and that will have to do for now.

Glad to know it worked, @cody.taylor!
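
The load balancer problem described in this thread, as an added example (not code from the thread or from Kong): an allow list that only sees the direct peer address always evaluates the load balancer's IP, so the check has to recover the client address from a forwarded header, and only when the direct peer is a trusted proxy. The function names, the use of X-Forwarded-For, and all addresses below are assumptions constructed for illustration; status codes 0 and 7 are OK and PERMISSION_DENIED from the gRPC status code list linked above.

```python
import ipaddress

GRPC_OK = 0                 # gRPC status OK
GRPC_PERMISSION_DENIED = 7  # gRPC status PERMISSION_DENIED


def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


def _in_any(ip, nets):
    # Membership is False when the IP versions differ (v4 vs v6).
    return any(ip in n for n in nets)


def resolve_client_ip(peer_ip, xff_header, trusted_proxies):
    """Pick the address the allow list should evaluate.

    The header is honoured only if the direct peer is a trusted proxy.
    It is then walked right to left, skipping trusted hops; the first
    untrusted hop is the client. Entries further left are client-supplied
    and never reached.
    """
    trusted = _nets(trusted_proxies)
    client = ipaddress.ip_address(peer_ip)
    if not xff_header or not _in_any(client, trusted):
        return client
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            candidate = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed hop: keep the last address that parsed
        client = candidate
        if not _in_any(client, trusted):
            break
    return client


def authorize(peer_ip, xff_header, trusted_proxies, allow):
    """Return (evaluated_ip, grpc_status) for one request."""
    client = resolve_client_ip(peer_ip, xff_header, trusted_proxies)
    allowed = _in_any(client, _nets(allow))
    return str(client), GRPC_OK if allowed else GRPC_PERMISSION_DENIED


# Constructed sample values: load balancer range and client allow list.
LB_RANGE = ["10.0.0.0/8"]
ALLOW = ["203.0.113.0/24"]

if __name__ == "__main__":
    print(authorize("10.0.0.5", None, LB_RANGE, ALLOW))           # only the LB is seen
    print(authorize("10.0.0.5", "203.0.113.9", LB_RANGE, ALLOW))  # client recovered
```
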