Black list and White list IP addresses
Posted: Sun Feb 17, 2019 11:51 amIs there a way of white listing and black listing ip addresses from connecting to the web api as I know the route /Staff/Current/List contains the remote IP addresses?
Hi Stuart,
Not out of the box - we certainly could add that but I think the best approach for hardening the API would be to stand up a proxy in front of it and leverage the years of battle tested hardening that's gone into them - like Nginx.
This is the approach Microsoft has taken with the lightweight Kestrel HTTP server in ASP.NET Core - it's not trying to be anything but a lightweight HTTP server and the official guidance is to NOT front Kestrel to public internet facing traffic, but put a hardened proxy in front.
If you want a quick and dirty solution, a request filter could be added via plugin to look at a whitelist or blacklist and refuse requests based on that - I've not done this but I think it would be a fairly easy plugin to do.
Let me know if you need that instead of the recommended proxy option.
Mike
