antikythera v0.2.0 Antikythera.Plug.IpFiltering View Source
Plug to restrict access to controller action only from within specified IP ranges.
Usage
Static IP ranges specified as a plug argument
The following lines reject requests from IP not within the 2 ranges, "123.45.67.0/24", "135.79.135.0/24"
.
ranges = Enum.map(["123.45.67.0/24", "135.79.135.0/24"], &Antikythera.IpAddress.V4.parse!/1)
plug Antikythera.Plug.IpFiltering, :check_by_static_ranges, [ranges: ranges]
Note that this plug accepts only parsed result and not string, in order to avoid parsing the given strings on every request.
Dynamic IP ranges specified by gear config
The following line uses "ALLOWED_IP_RANGES"
field in the gear config as the list of allowed IP ranges.
plug Antikythera.Plug.IpFiltering, :check_by_gear_config, []
The field name can be customized by giving :field_name
option as follows:
plug Antikythera.Plug.IpFiltering, :check_by_gear_config, [field_name: "ALLOWED_IP_RANGES_2"]
gear-to-gear requests
Both plug functions explained above reject not only web requests from outside of the specified IP ranges but also gear-to-gear requests.
If you want to restrict web requests and at the same time allow gear-to-gear requests, pass :allow_g2g
option.
plug Antikythera.Plug.IpFiltering, :check_by_gear_config, [allow_g2g: true]
Link to this section Summary
Link to this section Types
Link to this section Functions
Link to this function
check_by_gear_config(conn, opts)
View Source
check_by_gear_config(Antikythera.Conn.t(), Keyword.t(arg_gear_config())) :: Antikythera.Conn.t()
Link to this function
check_by_static_ranges(conn, opts)
View Source
check_by_static_ranges(Antikythera.Conn.t(), Keyword.t(arg_static())) :: Antikythera.Conn.t()
Link to this function
run_check_on_cloud(conn, opts, fun)
View Source
run_check_on_cloud(Antikythera.Conn.t(), Keyword.t(), (() -> [:inet.ip4_address()])) :: Antikythera.Conn.t()