antikythera v0.2.0 Antikythera.Plug.IpFiltering View Source

Plug to restrict access to controller action only from within specified IP ranges.

Usage

Static IP ranges specified as a plug argument

The following lines reject requests from IP not within the 2 ranges, "123.45.67.0/24", "135.79.135.0/24".

ranges = Enum.map(["123.45.67.0/24", "135.79.135.0/24"], &Antikythera.IpAddress.V4.parse!/1)
plug Antikythera.Plug.IpFiltering, :check_by_static_ranges, [ranges: ranges]

Note that this plug accepts only parsed result and not string, in order to avoid parsing the given strings on every request.

Dynamic IP ranges specified by gear config

The following line uses "ALLOWED_IP_RANGES" field in the gear config as the list of allowed IP ranges.

plug Antikythera.Plug.IpFiltering, :check_by_gear_config, []

The field name can be customized by giving :field_name option as follows:

plug Antikythera.Plug.IpFiltering, :check_by_gear_config, [field_name: "ALLOWED_IP_RANGES_2"]

gear-to-gear requests

Both plug functions explained above reject not only web requests from outside of the specified IP ranges but also gear-to-gear requests. If you want to restrict web requests and at the same time allow gear-to-gear requests, pass :allow_g2g option.

plug Antikythera.Plug.IpFiltering, :check_by_gear_config, [allow_g2g: true]

Link to this section Summary

Link to this section Types

Link to this type arg_gear_config() View Source
arg_gear_config() :: boolean() | String.t()
Link to this type arg_static() View Source
arg_static() :: boolean() | [:inet.ip_address()]

Link to this section Functions

Link to this function check_by_gear_config(conn, opts) View Source
Link to this function check_by_static_ranges(conn, opts) View Source
check_by_static_ranges(Antikythera.Conn.t(), Keyword.t(arg_static())) :: Antikythera.Conn.t()
Link to this function run_check_on_cloud(conn, opts, fun) View Source
run_check_on_cloud(Antikythera.Conn.t(), Keyword.t(), (() -> [:inet.ip4_address()])) :: Antikythera.Conn.t()