Black list and White list IP addresses
Posted:
Sun Feb 17, 2019 11:51 am
by SBarnes
Is there a way of white listing and black listing ip addresses from connecting to the web api as I know the route /Staff/Current/List contains the remote IP addresses?
Re: Black list and White list IP addresses
Posted:
Sun Feb 17, 2019 5:19 pm
by Mike.Sheen
Hi Stuart,
Not out of the box - we certainly could add that but I think the best approach for hardening the API would be to stand up a proxy in front of it and leverage the years of battle tested hardening that's gone into them - like Nginx.
This is the approach Microsoft has taken with the lightweight Kestrel HTTP server in ASP.NET Core - it's not trying to be anything but a lightweight HTTP server and the official guidance is to NOT front Kestrel to public internet facing traffic, but put a hardened proxy in front.
If you want a quick and dirty solution, a request filter could be added via plugin to look at a whitelist or blacklist and refuse requests based on that - I've not done this but I think it would be a fairly easy plugin to do.
Let me know if you need that instead of the recommended proxy option.
Mike
Re: Black list and White list IP addresses
Posted:
Sun Feb 17, 2019 5:45 pm
by SBarnes
Thanks Mike,
to do the request filter option I believe there is enough information here
https://forums.jiwa.com.au/viewtopic.php?f=32&t=976
Re: Black list and White list IP addresses
Posted:
Sun Feb 17, 2019 6:00 pm
by Mike.Sheen
Thanks for linking that - I was all ready to re-invent the plugin I'd forgotten I'd previously done!