Open tian67890 opened 10 months ago
Hi @tian67890, please paste your complete configurations and detailed steps to reproduce your case. This will be easier for us to know what happened exactly.
@juzhiyuan a complete json as following:
{
"uri": "/*",
"name": "kuboard",
"methods": [
"GET",
"POST",
"PUT",
"DELETE",
"PATCH",
"HEAD",
"OPTIONS",
"CONNECT",
"TRACE",
"PURGE"
],
"host": "kuboard.xxx.com",
"plugins": {
"ip-restriction": {
"disable": false,
"whitelist": [
"61.148.62.179",
"172.0.0.0/8",
"127.0.0.1"
]
}
},
"upstream": {
"nodes": [
{
"host": "172.30.160.7",
"port": 80,
"weight": 1
}
],
"timeout": {
"connect": 60,
"send": 60,
"read": 60
},
"type": "roundrobin",
"scheme": "http",
"pass_host": "pass",
"keepalive_pool": {
"idle_timeout": 60,
"requests": 1000,
"size": 320
}
},
"enable_websocket": true,
"status": 1
}
apisix runs in a container of the k8s cluster,section of plugins configuration is like this:
plugin_attr:
log-rotate:
interval: 3600 # rotate interval (unit: second)
max_kept: 168 # max number of log files will be kept
max_size: -1 # max size of log files will be kept
enable_compression: false # enable log file compression(gzip) or not, default false
plugins: # plugin list
- api-breaker
- authz-keycloak
- basic-auth
- batch-requests
- consumer-restriction
- cors
- echo
- fault-injection
- file-logger
- grpc-transcode
- hmac-auth
- http-logger
- ua-restriction
- jwt-auth
- kafka-logger
- key-auth
- limit-conn
- limit-count
- limit-req
- node-status
- openid-connect
- authz-casdoor
- authz-casdoor-user
- authz-casbin
- prometheus
- proxy-cache
- proxy-mirror
- proxy-rewrite
- redirect
- referer-restriction
- request-id
- request-validation
- response-rewrite
- serverless-post-function
- serverless-pre-function
- sls-logger
- syslog
- tcp-logger
- udp-logger
- uri-blocker
- wolf-rbac
- zipkin
- traffic-split
- gzip
- real-ip
- ext-plugin-pre-req
- ext-plugin-post-req
- log-rotate
stream_plugins:
- mqtt-proxy
- limit-conn
- ip-restriction
how do i resolve it ? apisix log shows the plugin ip-restriction has been loaded normally. Is there some configuration or steps missing ?
@shreemaan-abhishek , I would like to take this up.
Hi @tian67890 , I tried to reproduce your issues with version 3.7
, I was unable to reproduce the issue, the plugin seemed to work fine. Can you please share you access and error logs ?? Also please mention the request (the request IP and the headers) and response code you are getting, and other helpful information, if available.
@tian67890 , any updates ??
@sheharyaar i think u can try this on APISIX 3.3?
@tian67890 you might want to check that you have ip-restriction in the plugins list (not stream_plugins). Also if you're behind a proxy/lb you might need to map the real client IPs that should be validated with the whitelist.
Description
apisix version 3.3 the plugin ip-restriction is set up in config.yaml but our whitelist configured in the route doesn't work
Environment
apisix version
): 3.3uname -a
):openresty -V
ornginx -V
):curl http://127.0.0.1:9090/v1/server_info
):luarocks --version
):