Limit IPs #166
Merged
Limit IPs #166
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
update realip deps regroup deps, keep all indirect separately
umputun
force-pushed
the
limit-ips
branch
2 times, most recently
from
7b08f15
to
6fdaabb
Compare
add new remote param to docker and file providers lint: http nil body add support of remote ips to consul provider local implementation of onlyfrom middleware lint: missing comment make proxy tests more readable preffer public IP if any forwwarded
add more info and fix typos add info to readme
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implements #119
This PR adds support for the "remote" configuration parameter to all the providers except the basic one (static). If set, it will restrict access to a given route for source IPs or networks. This is what it looks like with the file provider:
By default, the remote address from the request is used, however in some cases (proxy in front, docker with bridge network, etc) user may want to use
X-Real-IPandX-Forwarded-Forheaders. This options is off by default, and to turn it on--remote-lookup-headersparam orREMOTE_LOOKUP_HEADERS=1env can be set. It should be used only in trusted environments where bad actors can't set/change those headers.