Skip to content

Latest commit

 

History

History
127 lines (115 loc) · 3.42 KB

readme.md

File metadata and controls

127 lines (115 loc) · 3.42 KB

DenyIP

DenyIP is a middleware plugin for Traefik which accepts IP addresses or IP address ranges and blocks requests originating from those IPs.

Configuration

Static

In the example below fowardedHeaders.insecure is enabled in order to allow the IP address to be available from proxied requests. In a production environment, you may want to consider using forwardedHeaders.trustedIPs

experimental:
  pilot:
    token: "xxxxx"
  plugins:
    denyip:
      modulename = "github.com/kevtainer/denyip"
      version = "v1.0.0"

entryPoints:
  http:
    address: ":80"
    forwardedHeaders:
      insecure: true

Dynamic

To configure the DenyIP plugin you should create a middleware in your dynamic configuration as explained here. The following example creates and uses the denyip middleware plugin to deny all requests originating from Comcast. ipDenyList will also accept non-CIDR ips, eg. 127.0.0.1.

Note: Providing invalid ip addresses or ranges in ipDenyList will cause an error and the plugin will not load.

http:
  # Add the router
  routers:
    my-router:
      entryPoints:
      - http
      middlewares:
      - denyip
      service: service-foo
      rule: Path(`/foo`)

  # Add the middleware
  middlewares:
    denyip:
      plugin:
        ipDenyList:
          - 24.0.0.0/12
          - 24.16.0.0/13
          - 24.30.0.0/17
          - 24.34.0.0/16
          - 24.60.0.0/14
          - 24.91.0.0/16
          - 24.98.0.0/15
          - 24.118.0.0/16
          - 24.125.0.0/16
          - 24.126.0.0/15
          - 24.128.0.0/16
          - 24.129.0.0/17
          - 24.130.0.0/15
          - 24.147.0.0/16
          - 24.218.0.0/16
          - 24.245.0.0/18
          - 50.128.0.0/10
          - 65.34.128.0/17
          - 65.96.0.0/16
          - 66.30.0.0/15
          - 66.41.0.0/16
          - 66.56.0.0/18
          - 66.176.0.0/15
          - 66.229.0.0/16
          - 67.160.0.0/12
          - 67.176.0.0/15
          - 67.180.0.0/14
          - 67.184.0.0/13
          - 68.32.0.0/11
          - 68.80.0.0/14
          - 68.84.0.0/16
          - 69.136.0.0/15
          - 69.138.0.0/16
          - 69.139.0.0/17
          - 69.140.0.0/14
          - 69.180.0.0/15
          - 69.242.0.0/15
          - 69.244.0.0/14
          - 69.248.0.0/14
          - 69.253.0.0/16
          - 69.254.0.0/15
          - 71.56.0.0/13
          - 71.192.0.0/12
          - 71.224.0.0/12
          - 73.0.0.0/8
          - 75.64.0.0/13
          - 75.72.0.0/15
          - 75.74.0.0/16
          - 75.75.0.0/17
          - 75.75.128.0/18
          - 76.16.0.0/12
          - 76.97.0.0/16
          - 76.98.0.0/15
          - 76.100.0.0/14
          - 76.104.0.0/13
          - 76.112.0.0/12
          - 98.192.0.0/13
          - 98.200.0.0/14
          - 98.204.0.0/16
          - 98.206.0.0/15
          - 98.208.0.0/12
          - 98.224.0.0/12
          - 98.240.0.0/16
          - 98.242.0.0/15
          - 98.244.0.0/14
          - 98.248.0.0/13
          - 107.2.0.0/15
          - 107.4.0.0/15
          - 174.48.0.0/12

  # Add the service
  services:
    service-foo:
      loadBalancer:
        servers:
        - url: http://localhost:5000/
        passHostHeader: false