Sn0rt commented on issue #9239:
URL: https://github.com/apache/apisix/issues/9239#issuecomment-1508028509
> > > > > >
> > > > >
> > > > >
> > > > > Is this an apisix bug or a configuration problem?
> > > >
> > > >
> > > > maybe this is a feature.
> > > > Because the core logic of the two plug-ins works in different phase
of nginx's http request processing, while ip_restriction is in the `access`
phase, and basic-auth is in the`rewrite` phase.
> > > > The rewrite phase is processed before the access phase.
> > > > We plan to remove ambiguity about priorities by updating the
documentation.
> > >
> > >
> > > Okey, i think the ip-restriction should excute first,it should have
the highest priority! thank you reply !
> >
> >
> > yep, we will think twice for how to remove ambiguity
>
> My final question is, is there a way to get ip-restriction to execute
first, do you need a custom plugin or something, i am looking forward to your
reply !
only for poc
```
ubuntu@ip-172-31-36-124:~/apisix$ git diff
diff --git a/apisix/plugins/ip-restriction.lua
b/apisix/plugins/ip-restriction.lua
index b499f2dd..9c40bfdd 100644
--- a/apisix/plugins/ip-restriction.lua
+++ b/apisix/plugins/ip-restriction.lua
@@ -20,7 +20,7 @@ local base = require("apisix.plugins.ip-restriction.init")
-- avoid unexpected data sharing
local ip_restriction = core.table.clone(base)
-ip_restriction.access = base.restrict
+ip_restriction.rewrite = base.restrict
```
```
ubuntu@ip-172-31-36-124:~/apisix$ curl
http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY:
edd1c9f034335f136f87ad84b625c8f1' -X PUT -d @../meta-router.json
{"key":"/apisix/routes/1","value":{"id":"1","name":"检查测试","upstream":{"type":"roundrobin","hash_on":"vars","pass_host":"pass","nodes":[{"weight":1,"port":80,"host":"httpbin.org","priority":0}],"scheme":"http"},"methods":["GET"],"create_time":1681438174,"plugins":{"ip-restriction":{"blacklist":["127.0.0.1"],"_meta":{"priority":99999},"message":"Your
IP address is not
allowed"},"basic-auth":{"username":"foo","hide_credentials":false,"password":"bar"}},"priority":1,"uri":"/xubin/","status":1,"update_time":1681455913}}
ubuntu@ip-172-31-36-124:~/apisix$ curl http://localhost:9080/xubin/ -i
--interface 127.0.0.1
HTTP/1.1 403 Forbidden
Date: Fri, 14 Apr 2023 07:05:15 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: APISIX/3.2.0
{"message":"Your IP address is not allowed"}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
