IP whitelisting on client's IP using X-FORWARDED-FOR

I have a LB profile on top of Kong cluster. LB will be redirecting traffic to one of the Kong nodes in the Kong cluster. Can I use the ACL plugin of Kong to do whitelisting on client’s IP (which is present in X-FORWARDED-FOR).

The ACL plugin works on consumers, not on ip addresses. The users need to be “known” to kong in advance, and be identified via one of the authentication plugins. We don’t have a “IP-auth” plugin.

If you want to restrict by IP, may I suggest the IP-restriction plugin instead?