View Source Antikythera.Plug.IpFiltering (antikythera v0.5.1)
Plug to restrict access to controller action only from within specified IP ranges.
Usage
Static IP ranges specified as a plug argument
The following lines reject requests from IP not within the 2 ranges, "123.45.67.0/24", "135.79.135.0/24".
ranges = Enum.map(["123.45.67.0/24", "135.79.135.0/24"], &Antikythera.IpAddress.V4.parse!/1)
plug Antikythera.Plug.IpFiltering, :check_by_static_ranges, [ranges: ranges]Note that this plug accepts only parsed result and not string, in order to avoid parsing the given strings on every request.
Dynamic IP ranges specified by gear config
The following line uses "ALLOWED_IP_RANGES" field in the gear config as the list of allowed IP ranges.
plug Antikythera.Plug.IpFiltering, :check_by_gear_config, []The field name can be customized by giving :field_name option as follows:
plug Antikythera.Plug.IpFiltering, :check_by_gear_config, [field_name: "ALLOWED_IP_RANGES_2"]gear-to-gear requests
Both plug functions explained above reject not only web requests from outside of the specified IP ranges but also gear-to-gear requests.
If you want to restrict web requests and at the same time allow gear-to-gear requests, pass :allow_g2g option.
plug Antikythera.Plug.IpFiltering, :check_by_gear_config, [allow_g2g: true]Summary
Types
@type arg_static() :: boolean() | [:inet.ip_address()]
Functions
@spec check_by_gear_config(Antikythera.Conn.t(), Keyword.t(arg_gear_config())) :: Antikythera.Conn.t()
@spec check_by_static_ranges(Antikythera.Conn.t(), Keyword.t(arg_static())) :: Antikythera.Conn.t()
@spec run_check_on_cloud( Antikythera.Conn.t(), Keyword.t(), (() -> [:inet.ip4_address()]) ) :: Antikythera.Conn.t()