duzunwu512 opened a new issue #5683:
URL: https://github.com/apache/apisix/issues/5683
### Issue description
The Function for setting whitelist & blacklist is contrary with plugin
ip-restriction .
When I added My IP to whitelist and hope to access my service with APISIX,
but return following message "{"message":"Your IP address is not allowed"}"
And Then using word 'blacklist' replace 'whitelist' hoped to stop access my
service and could get information which should be shown with whitelist.
e.g.
1,
{
"blacklist": [
"127.0.0.1",
"10.3.41.126"
]
}
MY IP IS : 10.3.41.126
I can access the service with my PC
2,
{
"whitelist": [
"127.0.0.1",
"10.3.41.126"
]
}
I got message {"message":"Your IP address is not allowed"}
### Environment
- apisix version (cmd: `apisix version`): V2.1
- OS (cmd: `uname -a`): Linux crminterface.test.cn 3.10.0-957.el7.x86_64 #1
SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
- OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`): nginx
version: openresty/1.19.3.1
- etcd version, if have (cmd: run `curl
http://127.0.0.1:9090/v1/server_info` to get the info from server-info API):
etcd Version: 3.4.13
- apisix-dashboard version, if have: V2.2
- the plugin runner version, if the issue is about a plugin runner (cmd:
depended on the kind of runner):
- luarocks version, if the issue is about installation (cmd: `luarocks
--version`):
### Steps to reproduce
1. add upstream
2. add route, setting ip-restriction with whitelist or blacklist
3. access with apisix
4. Or use following cmd and access the service
curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY:
edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"uri": "/etravel-delivery-web/*",
"upstream": {
"type": "roundrobin",
"nodes": {
"sitetravel.gzl.cn:80": 1
}
},
"plugins": {
"ip-restriction": {
"whitelist": [
"127.0.0.1",
"10.3.41.126"
]
}
}
}'
### Actual result
For whitelist I CAN'T access the service with ip in whitelist .
For blacklist CAN access the service with ip in blacklist.
### Error log
FOR blacklist setting , the access log:
10.3.41.126 - - [03/Dec/2021:16:08:23 +0800] testapi.gzl.cn:9080 "GET
/etravel-delivery-web/anon/apisix.json?key=apisixt&code=THECODE HTTP/1.1" 200
98 0.006 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36" 10.3.41.101:80 200 0.005
"http://testapi.gzl.cn";
FOR whitelist setting, the access log:
10.3.41.126 - - [03/Dec/2021:16:10:11 +0800] testapi.gzl.cn:9080 "GET
/etravel-delivery-web/anon/apisix.json?key=apisixt&code=THECODE HTTP/1.1" 403
56 0.000 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36" - - -
"http://testapi.gzl.cn";
### Expected result
For whitelist only ip in the whitelist Can access the serivce
For blacklist CAN'T access the service with ip in blacklist.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
