This repository has been archived by the owner on Apr 23, 2019. It is now read-only.

Feature/per app access #206

Open
wants to merge 3 commits into
base: master
@berkes berkes commented Oct 6, 2015

This adds a whitelisting feature to allow a certain range of IP-addresses.
Useful for that (in-house) testing, staging or v2.0 environment.

Each app can have an "access" entry, where you can add a list of IP-addresses
that are allowed. When defined, each address will be added to the nginx configuration as allowed, all other addresses will be denied.

More information on the Nginx documentation
The template will add the denied, then the allowed IP-addresses.

    "access": {
      "allowed": ["127.0.0.1"]
    }

This will only allow users from 127.0.0.1 access to the app. All others will be denied.

    "access": {
      "denied": ["127.0.0.1"],
      "allowed": ["127.0.0.0/24"]
    }

This will allow access for users from IP range 127.0.0.0/24, but makes an exception for IP-address 127.0.0.1 which is denied access.

NOTE: the denied is not meant to replace full-blown IP-blocking. Its intended
use is to allow IP-blocks in allow, then remove one or two specific ones by denying them again.
I.e.: to aid the whitelisting, not to be used as a blacklisting. But when using only the denied list, you can have blacklisting. However, the moment you add an allowed address, we add "deny all" to the access configuration.

NOTE: This is not meant to replace access control, nor will it scale well for
large amounts of IP-addresses. The intended use is to open up e.g. a testing version
of an app to a limited set of users.
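
The rule ordering described in this pull request, as an added example that is not the PR's template or the project's code: it renders an "access" entry into nginx `allow`/`deny` directives (denied first, then allowed, then `deny all` once anything is allowed) and evaluates a client address the way nginx does, first matching rule wins. The function names `render_access` and `decide` are hypothetical, and validating entries with Python's `ipaddress` module is an assumption about how one would keep malformed values out of the generated configuration.

```python
import ipaddress


def _parse(entries):
    # ip_network() raises ValueError for anything that is not an address or
    # CIDR block, so an entry cannot carry extra directives into the config.
    return [ipaddress.ip_network(e) for e in entries]


def _fmt(net):
    # Single hosts are written without a prefix length, as in the PR examples.
    return str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net)


def render_access(access):
    """Return (rules, lines): parsed rules and the nginx directives for them."""
    denied = _parse(access.get("denied", []))
    allowed = _parse(access.get("allowed", []))
    # Denied entries come first so they can carve exceptions out of allowed blocks.
    rules = [("deny", n) for n in denied] + [("allow", n) for n in allowed]
    lines = [f"{verb} {_fmt(net)};" for verb, net in rules]
    if allowed:
        # Any allowed entry turns the list into a whitelist.
        lines.append("deny all;")
    return rules, lines


def decide(access, client):
    """Return 'allow' or 'deny' for a client address (first matching rule wins)."""
    rules, lines = render_access(access)
    ip = ipaddress.ip_address(client)
    for verb, net in rules:
        if ip.version == net.version and ip in net:
            return verb
    # No explicit match: the trailing "deny all;" decides, otherwise access is open.
    return "deny" if lines and lines[-1] == "deny all;" else "allow"


if __name__ == "__main__":
    # Constructed input: the second configuration from the PR description.
    staging = {"denied": ["127.0.0.1"], "allowed": ["127.0.0.0/24"]}
    print("\n".join(render_access(staging)[1]))
    for addr in ("127.0.0.1", "127.0.0.2", "192.0.2.1"):
        print(addr, decide(staging, addr))
```

Reversing the order, so that the allowed block precedes the denied address, would let 127.0.0.1 match `allow 127.0.0.0/24;` first and the exception would never apply.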
