Manage multiple pattern for allowed/blocked IP

Open Fabman08 opened this issue 4 years ago • 0 comments

New Feature

Proposed Changes

  • Added IpAddressRange package ( MPL-2.0 License )
  • Manage multiple patterns in order to allow or block IP access (take a look at the Example section of IpAddressRange)
  • Allow allowed IPs to be removed from blocked list via ExcludeAllowedFromBlocked configuration property in SecurityOptions node
  • Backward compatibility with current SecurityOptions configuration section
  • Added more unit tests about new feature

Description

This feature is designed to allow greater IP management in order to include or exclude a wide IP range via CIDR notation or IP range. The current patterns managed are the following:

  • single IP: "192.168.1.1"
  • IP Range: "192.168.1.1-192.168.1.250"
  • IP Short Range: "192.168.1.1-250"
  • IP Range with subnet: "192.168.1.0/255.255.255.0"
  • CIDR: "192.168.1.0/24"
  • CIDR for IPv6: "fe80::/10"

The allowed and blocked lists are evaluated when the configuration is loaded. ExcludeAllowedFromBlocked is meant to give the possibility to specify a wide range of blocked IPs and allow a sub-range of IPs.

Default value: false

The property may be missing from SecurityOptions, in which case it assumes the default value.

e.g.

    "SecurityOptions": {
      "IPBlockedList": [ "192.168.0.0/23" ],
      "IPAllowedList": [ "192.168.0.15", "192.168.1.15" ],
      "ExcludeAllowedFromBlocked": true
    }

Fabman08, Dec 23 '20 12:12
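
The pattern forms and the ExcludeAllowedFromBlocked behaviour described in this issue, modelled as an added Python example using only the standard library; it is not code from Ocelot or IPAddressRange. `parse_pattern`, `matches` and `effectively_blocked` are hypothetical names, and the model covers only the block-list decision, not how the gateway otherwise enforces the allowed list.

```python
import ipaddress

def parse_pattern(pattern):
    """Return the (first, last) addresses covered by one list entry."""
    if "/" in pattern:
        # CIDR or subnet-mask form; host bits are ignored (assumption).
        net = ipaddress.ip_network(pattern, strict=False)
        return net.network_address, net.broadcast_address
    if "-" in pattern:
        start_text, end_text = (p.strip() for p in pattern.split("-", 1))
        first = ipaddress.ip_address(start_text)
        if end_text.isdigit():
            # Short range "192.168.1.1-250": only the last octet changes.
            end_text = start_text.rsplit(".", 1)[0] + "." + end_text
        last = ipaddress.ip_address(end_text)
        if first.version != last.version or last < first:
            raise ValueError(f"invalid range: {pattern!r}")
        return first, last
    single = ipaddress.ip_address(pattern)
    return single, single

def matches(address, patterns):
    """True if address falls inside any pattern of the same IP version."""
    addr = ipaddress.ip_address(address)
    for pattern in patterns:
        first, last = parse_pattern(pattern)
        if addr.version == first.version and first <= addr <= last:
            return True
    return False

def effectively_blocked(address, security_options):
    """Block-list decision only; a missing flag defaults to False."""
    blocked = security_options.get("IPBlockedList", [])
    allowed = security_options.get("IPAllowedList", [])
    exclude = security_options.get("ExcludeAllowedFromBlocked", False)
    if not matches(address, blocked):
        return False
    return not (exclude and matches(address, allowed))

# The issue's own example configuration.
OPTIONS = {
    "IPBlockedList": ["192.168.0.0/23"],
    "IPAllowedList": ["192.168.0.15", "192.168.1.15"],
    "ExcludeAllowedFromBlocked": True,
}

if __name__ == "__main__":
    for ip in ("192.168.1.15", "192.168.1.16", "10.0.0.1"):
        print(ip, "blocked" if effectively_blocked(ip, OPTIONS) else "not blocked")
```

With the flag left out of the same configuration, 192.168.1.15 stays blocked, which is the backward-compatible default the issue describes.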