White list some ranges of IP

PascalMinder / geoblock

Traefik middleware plugin - Deny requests based on country of origin

105 stars 9 forks source link

White list some ranges of IP #24

Closed Fratt closed 1 year ago

Fratt commented 2 years ago

Hello,

I would like to white-list some ranges of IP Address in a country that's normally blocked.

Is this currently possible ?

Thanks a lot

Fratt commented 2 years ago

If this can help someone else, I found a "workaround". You need to have allowLocalRequestsset to true. Edit geoblock.go and add the range in the cidr array of the method initPrivateIPBlocks

PascalMinder commented 2 years ago

I haven't thought about it yet, since I do not need it. But it might be an interesting idea. I look into it.

Olen commented 1 year ago

This would reallly be a great enhancement. I have quite a few services that I only want to be available from specific regions, but that might also need e.g. some kind of remote monitoring tool that is hosted in a different country, without opening for all traffic from that country.

PascalMinder commented 1 year ago

Hi, sorry for the late answer. I’ll look into it as soon as I have some time at my hand.

PascalMinder commented 1 year ago

I have added a first draft to allow defining specific IP addresses which should always be allowed. What do you think?

Pull Request: #30

testData:
  allowLocalRequests: false
  logLocalRequests: false
  logAllowedRequests: false
  logApiRequests: true
  api: "https://get.geojs.io/v1/ip/country/{ip}"
  apiTimeoutMs: 150
  cacheSize: 15
  forceMonthlyUpdate: true
  allowUnknownCountries: false
  unknownCountryApiResponse: "nil"
  countries:
    - CH
  allowedIpAddresses:
    - 8.8.8.8
    - 1.1.1.1

Olen commented 1 year ago

Looks great.
The official "ipWhiteList" plugin also allows for prefixes and IPv6:

tcp:
  middlewares:
    olen-net:
      ipWhiteList:
        sourceRange: 
          - "123.234.50.66/32"               # Home
          - "2a00:00c0:2:3::567:8001/128"  # Server
          - "178.90.234.0/24"             # Work

Does this work with your code as well?

PascalMinder commented 1 year ago

With my last commit, this should work.

Olen commented 1 year ago

Looks great. Will try to test it as soon as possible.

PascalMinder commented 1 year ago

Fixed by f923e4e318124adfca739a2b1168306bcc9a9da5

Fratt commented 1 year ago

Thank you very much !

You forgot to add it here though : https://github.com/PascalMinder/geoblock/blob/main/geoblock.go#L122 (not a big deal ;-)