Closed abomadi closed 4 years ago
Hi, yes you should be able to limit an API to calls from Cloudflare only and custom rules, such as:
app.UseFirewall(
FirewallRulesEngine
.DenyAllAccess()
.ExceptFromCloudflare()
.ExceptWhen(ctx => ctx.Request.Path.Equals("<some-path>")));
@dustinmoris oh what i meant i need the opposite, white listing specific api's based on ip, or u mean i can build a filter and add it as a rule too ?
@abomadi Yes you should be able to build custom filter rules for that. You can build a filter which checks the resource of your API and then loads a list of whitelisted IPs which should be allowed to access that resource.
The ExceptWhen
filter is a function which takes in a HttpContext
and should return abool
- true
or false
depending if the request should be allowed to continue or not.
If you build a resource based whitelist filter in a generic way then feel free to submit it as a feature PR. I would accept this feature as it might be useful for others too!
I assume this has been answered, but feel free to re-open if something didn't make sense.
is it possible to protect a specific api's using filter ? also all the requests are coming from cloudflare too