nginx-ip-whitelister icon indicating copy to clipboard operation
nginx-ip-whitelister copied to clipboard

Published 20 hours ago verified publisher icon zuavra

Disable /approve functionality

Open kalipso-cyber opened this issue 6 months ago • 2 comments

Hey,

love the project and thank you for the detailed documentation!

Regarding this:

You can also use /approve to always unconditionally pass the check, and /reject to always unconditionally fail the check (for integration tests).

I've just checked and it seems that this always works. Is there an option to somehow disable this behaviour? Otherwise it becomes fairly trivial for anyone to circumvent the whitelist, which adds a major pain point to the otherwise - for my usecase - bearable consequences of using IP-based authentication.

EDIT: Forgot to mention that in general, the whitelister is working marvelously! Very easy to set up, very functional, nicely documented - again, thank you very much. I'm really loving this!

kalipso-cyber avatar Sep 01 '24 21:09 kalipso-cyber