IP restriction Plugin KONG

  - name: ip-restriction
    service: my-api-server
    config:
      allow:
      - 171.76.82.251
      - 171.76.80.0/20

This is what my IP restriction plugin looks like in the kong.yml file. Kong is working behind Nginx through a reverse proxy here. But when using this, Kong is not allowing me to send requests from 171.76.82.251.

Error:
{
  "message": "Your IP address is not allowed"
}

@Sayantan_Roy Make sure the ingress is properly configured to preserve client IP information. Also, please check the following settings in the Kong environment:
trusted_ips = <Nginx's IP>
real_ip_header = X-Forwarded-For
real_ip_recursive = on
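
Why these three settings decide the outcome, as an added example that is not part of the original post or Kong's own code: a simplified Python model of how the client IP is resolved from X-Forwarded-For before ip-restriction checks it. The allow list is the one from the first post; the Nginx address 10.0.0.5 and the peers 203.0.113.9 and 198.51.100.7 are constructed.

```python
import ipaddress

def in_any(ip, cidrs):
    """True if ip is inside any address or CIDR block in cidrs."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)

def resolve_client_ip(peer_ip, xff, trusted_ips, recursive):
    """Simplified model of trusted_ips / real_ip_header / real_ip_recursive:
    the header is honoured only when the TCP peer itself is trusted."""
    client = peer_ip
    if not xff or not in_any(peer_ip, trusted_ips):
        return client
    for hop in reversed([h.strip() for h in xff.split(",")]):  # right to left
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break                      # unparsable entry: keep what we have
        client = hop
        if not recursive or not in_any(hop, trusted_ips):
            break                      # first untrusted hop is the client
    return client

def ip_restriction(client_ip, allow):
    """Status the ip-restriction plugin would return for this client IP."""
    return 200 if in_any(client_ip, allow) else 403

ALLOW = ["171.76.82.251", "171.76.80.0/20"]   # allow list from the first post
NGINX = "10.0.0.5"                            # constructed: Nginx address as Kong sees it
CLIENT = "171.76.82.251"

def scenarios():
    cases = {
        # Kong trusts nobody: it sees Nginx as the client.
        "no_trusted_ips": (NGINX, CLIENT, [], True),
        # Nginx never sets the header: nothing to recover the client from.
        "header_missing": (NGINX, None, [NGINX], True),
        # Nginx trusted and forwarding the header.
        "configured": (NGINX, CLIENT, [NGINX], True),
        # Untrusted peer reaching Kong directly: its header is ignored.
        "untrusted_peer": ("203.0.113.9", CLIENT, [NGINX], True),
        # Client-supplied entry on the left, real peer appended by Nginx.
        "forged_left_entry": (NGINX, CLIENT + ", 198.51.100.7", [NGINX], True),
    }
    return {name: ip_restriction(resolve_client_ip(*args), ALLOW)
            for name, args in cases.items()}

if __name__ == "__main__":
    for name, status in scenarios().items():
        print(f"{name:18} -> {status}")
```

Only the "configured" case returns 200, which is why trusted_ips should list the Nginx address alone rather than a broad range.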

Hi @trustworthygoblin, thanks for the reply. I don't have an ingress set up. I have a declarative Kong yml file running in DB-less mode. My plugins look something like this.

  - name: cors
    config:
      origins:
      - http://20.172.xxx.xxx
      methods:
      - GET
      - POST
      headers:
      - Accept
      - Accept-Version
      - Content-Length
      - Content-MD5
      - Content-Type
      - Date
      - X-Auth-Token
      - Authorization
      exposed_headers:
      - X-Auth-Token
      credentials: true
      max_age: 3600
      preflight_continue: false
  - name: ip-restriction
    service: my-api-server
    config:
      allow:
      - 20.172.xxx.xxx

I have also modified trusted_ips and the two parameters which you have mentioned above in the kong.yml file.

Still the same error:

Error:
{
  "message": "Your IP address is not allowed"
}

If you are exposing the Kong proxy via an L4 LB, then you need to add the externalTrafficPolicy property in Helm under the proxy section:


proxy:
  enabled: true
  ...
  type: LoadBalancer
  externalTrafficPolicy: Local

You can read this article - Create an External Load Balancer | Kubernetes

Let me know if this helps.

Thanks for such a quick response. Actually, I am yet to implement the load balancing setup. Right now I have an Nginx server. The Kong API gateway is sitting behind it. In the reverse proxy of Nginx I have provided the URL of Kong.

In the kong.yml file I had created a service and attached it to the plugins mentioned in the above comments.

But the IP which I have put in the allow config of the ip-restriction plugin is also getting blocked.

What should I do now?

Not sure about your Nginx configuration, but try to route Nginx traffic to any IP detection service and check the response to verify which IP Nginx forwards to the backend service, such as httpbin.org/ip or httpbin.org/anything. If you don't get the desired IP in the response, then you know where to look. I am not sure otherwise.