duzunwu512 opened a new issue #5683: URL: https://github.com/apache/apisix/issues/5683
### Issue description

The function for setting whitelist & blacklist is contrary with plugin ip-restriction.

When I added my IP to the whitelist and hoped to access my service with APISIX, it returned the following message: `{"message":"Your IP address is not allowed"}`

Then, using the word 'blacklist' to replace 'whitelist', I hoped to stop access to my service, and could get the information which should be shown with the whitelist.

e.g.

1.

```json
{
    "blacklist": [
        "127.0.0.1",
        "10.3.41.126"
    ]
}
```

My IP is: 10.3.41.126. I can access the service with my PC.

2.

```json
{
    "whitelist": [
        "127.0.0.1",
        "10.3.41.126"
    ]
}
```

I got the message `{"message":"Your IP address is not allowed"}`

### Environment

- apisix version (cmd: `apisix version`): V2.1
- OS (cmd: `uname -a`): Linux crminterface.test.cn 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
- OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`): nginx version: openresty/1.19.3.1
- etcd version, if have (cmd: run `curl http://127.0.0.1:9090/v1/server_info` to get the info from server-info API): etcd Version: 3.4.13
- apisix-dashboard version, if have: V2.2
- the plugin runner version, if the issue is about a plugin runner (cmd: depended on the kind of runner):
- luarocks version, if the issue is about installation (cmd: `luarocks --version`):

### Steps to reproduce

1. add upstream
2. add route, setting ip-restriction with whitelist or blacklist
3. access with apisix
4. Or use the following cmd and access the service

```shell
curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
    "uri": "/etravel-delivery-web/*",
    "upstream": {
        "type": "roundrobin",
        "nodes": {
            "sitetravel.gzl.cn:80": 1
        }
    },
    "plugins": {
        "ip-restriction": {
            "whitelist": [
                "127.0.0.1",
                "10.3.41.126"
            ]
        }
    }
}'
```

### Actual result

For whitelist, I CAN'T access the service with an IP in the whitelist.

For blacklist, I CAN access the service with an IP in the blacklist.
### Error log

For the blacklist setting, the access log:

```
10.3.41.126 - - [03/Dec/2021:16:08:23 +0800] testapi.gzl.cn:9080 "GET /etravel-delivery-web/anon/apisix.json?key=apisixt&code=THECODE HTTP/1.1" 200 98 0.006 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36" 10.3.41.101:80 200 0.005 "http://testapi.gzl.cn"
```

For the whitelist setting, the access log:

```
10.3.41.126 - - [03/Dec/2021:16:10:11 +0800] testapi.gzl.cn:9080 "GET /etravel-delivery-web/anon/apisix.json?key=apisixt&code=THECODE HTTP/1.1" 403 56 0.000 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36" - - - "http://testapi.gzl.cn"
```

### Expected result

For whitelist, only an IP in the whitelist CAN access the service.

For blacklist, I CAN'T access the service with an IP in the blacklist.
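
The following is an added example, not part of the original issue and not APISIX code: a Python check that applies the allow/deny semantics from the "Expected result" section to access-log lines and reports requests whose status contradicts the configured list. The function names, the regular expression, and the treatment of each entry as a single address or CIDR range are assumptions; the log lines are those quoted in the issue, cut off after the first timing field.

```python
import ipaddress
import re

# Leading fields of the access-log lines in the issue:
# client IP, user, [time], host, "request", status
LOG_RE = re.compile(r'^(\S+) - \S+ \[[^\]]+\] \S+ "[^"]*" (\d{3}) ')

def should_allow(conf, client_ip):
    """Allow/deny decision per the issue's 'Expected result' section."""
    ip = ipaddress.ip_address(client_ip)
    def listed(key):
        # Assumption: each entry is a single address or a CIDR range.
        return any(ip in ipaddress.ip_network(e, strict=False)
                   for e in conf.get(key, []))
    if conf.get("whitelist"):
        return listed("whitelist")   # only listed clients pass
    return not listed("blacklist")   # listed clients are rejected

def audit(conf, log_lines):
    """Return (client_ip, status, finding) for lines that contradict conf."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        client_ip, status = m.group(1), int(m.group(2))
        allow = should_allow(conf, client_ip)
        # A 403 can also come from the upstream; treat findings as leads.
        if allow and status == 403:
            findings.append((client_ip, status, "allowed client rejected"))
        elif not allow and status != 403:
            findings.append((client_ip, status, "denied client served"))
    return findings

IPS = ["127.0.0.1", "10.3.41.126"]
REQ = '"GET /etravel-delivery-web/anon/apisix.json?key=apisixt&code=THECODE HTTP/1.1"'
# Log lines from the issue, cut off after the first timing field.
BLACKLIST_LOG = ['10.3.41.126 - - [03/Dec/2021:16:08:23 +0800] '
                 'testapi.gzl.cn:9080 ' + REQ + ' 200 98 0.006']
WHITELIST_LOG = ['10.3.41.126 - - [03/Dec/2021:16:10:11 +0800] '
                 'testapi.gzl.cn:9080 ' + REQ + ' 403 56 0.000']

if __name__ == "__main__":
    print(audit({"blacklist": IPS}, BLACKLIST_LOG))
    print(audit({"whitelist": IPS}, WHITELIST_LOG))
```
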