Ip restriction plugin blocking ip in its whitelist

I have 2 separate Kubernetes clusters, one for QA and one for Production.
Both of them are using db-less mode. Both have almost the same resource definitions the only differences an in the ingress. They have different host names.
One of the cluster blocks the ip in its whitelist and the other blocks everything not in its white list.
I’m on 0.8.1 any idea what the issue might be?

Interesting. Is it Kong blocking the reqeust or some other firewall (that might be configured differently for the two clusters)?

The response header seems to indicate that its Kong blocking the ip:

Summary
URL: https://dashboard.ks-central-production.gtpstratus.com/
Status: 403
Source: Network
Address: 52.154.155.245:443

Request
:method: GET
:scheme: https
:authority: dashboard.ks-central-production.gtpstratus.com
:path: /
Cookie: _ga=GA1.2.1963309331.1588090127; _gid=GA1.2.327068613.1588708750
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Upgrade-Insecure-Requests: 1
Host: dashboard.ks-central-production.gtpstratus.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Safari/605.1.15
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response
:status: 403
Content-Length: 44
Content-Type: application/json; charset=utf-8
Date: Wed, 06 May 2020 12:26:48 GMT
x-kong-response-latency: 0
Server: kong/2.0.3

Are the subnets same for both the clusters?

I just double checked and yes they are.

You should investigate if Kong is actually seeing the real client IP address in both the deployments or not.
Most likely that is the problem.


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ