Restrict access to /admin based on IP address? #292
Comments
|
I'm not involved with this project (just a user), but to me this feels like the kind of feature that would be better implemented at the reverse-proxy or load balancer level, to minimize complexity in the application layer. One opinion on the matter 😄 |
|
Thanks @logankoester I'm starting to think actually that a plugin for iron-router might do the trick. I'm not sure that having it implemented at the load balancer/reverse-proxy level would cover all the requests on a predominantly client-side app |
|
@malpaso That's a really interesting point. A bit embarrassing... I was thinking in the context of a traditional web service when I made that suggestion, and in retrospect it seems obvious that a Meteor app might allow access to the Definitely something I need to remember when working with Meteor myself. 😨 With that in mind, your iron-router plugin plan sounds solid. Another approach might be to implement routing-aware IP whitelisting on Sikka, an application-level firewall for Meteor. See issues meteorhacks/sikka#8 and meteorhacks/sikka#7 on that project for work already in progress. |
As above, any suggestions on how to do this or any packages that will allow iron-router to do this?
The text was updated successfully, but these errors were encountered: