IP Restriction Plugin Whitelist/Blacklist Settings Bug

Hi,

Currently have configured a service to IP restriction plugin, and the settings are as followed

For illustration purpose , let say 10.10.10.10 is my outgoing public IP address

config.blacklist

config.whitelist
10.10.10.10/32

As such, any request that originate from 10.10.10.10 will be able to pass through Kong successfully and then proxy to the upstream service.

Interestingly, this is not the case, in fact, it blacklisted my source ip 10.10.10.10. Is it some kind of UI bug ? I changed 10.10.10.10 to config.blacklist, and the api works :).

We are using Kong-EE Docker 0.36 deployed in AWS with RDS.

Robin

Hi,
Welcome to Kong Nation.
There are different things to consider to figure out what could be wrong in your configuration. (among them load balancer ? docker etc…)
Looking at your test, it seems that kong does not recognise the call as issued from 10.10.10.10
The IP restriction plugin is using ngx.var.binary_remote_addr and compares it with its configuration.
There are lot of information in this post : https://discuss.konghq.com/t/how-to-forward-clients-request-ip/384

Hi,

Maybe i didn’t articulate myself clearly.

So the scenario i observed

config.blacklist : Blank
config.whitelist : 10.10.10.10/32

Expected Result : API should passed as the source ip is whitelisted.
Actual Result : API failed

config.blacklist : 10.10.10.10/32
config.whitelist : Blank

Expected Result : API should failed , as the soruce ip is set as blacklist.
Actual Result : API Passed

Hi,
Two possibilities:
1/ bug in the plugin (possible but I’m not aware of it)
2/ the IP received and used by Kong is not 10.10.10.10 and then it explains your scenario

That is why I replied regarding the generic subject of client IP.


© 2018 Kong Inc.    Terms  •  Privacy  •  FAQ