Ip-Restrictions on Consumers

Hello there,
I have created two consumers in kong [ex: abc,xyz] and after that i have created an IP-Restriction plugin with on of my consumer_id .I have also created key-auth plugin in abc consumer

Now when i call kong url with my consumer id , it still showing me the response instead of showing warning message like your ip address is not allowed.
Please can anyone can help me out

This may have been tied to not having your ACL configured just right yet in the other topic, did you resolve this?

It doesn’t make sense to me to add an ip restriction on a user. Can you explain your use case for this?

We recently discussed adding a flag that it cannot be added on a consumer. If there is a good use case, we might revisit that.

1 Like


We have clients, who use our APIs from their own infrastructure, and they’d like to ensure, that their API credentials may not be used from any other IP than their own.
Of course, there are lots of clients, who consumer the API from PaaS providers like Heroku, so they can’t really provide an IP or IP range. (Or they don’t have any policy which would require IP whitelisting.)

Based on this, I’d kindly ask, not to remove the ability to pin IP restriction on API consumers. :wink:


Hi! is there any update on this? I have the same use case (a consumer key that should only be able to be accessed from a whitelisted CIDR).


@emckean I just tried this out using the following configuration and it works fine: