This repository has been archived by the owner on Apr 23, 2019. It is now read-only.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds a whitelisting feature to allow a certain range of IP-addresses.
Usefull for that (in-house) testing, staging or v2.0 environment.
Each app can have an "access" entry. Where you can add a list of IP-addresses
that are allowed. When defined, each address will be added to the nginx configuration as allowed, all other addresses will be denied.
More information on the Nginx documentation
The template will add the denied, then the allowed IP-addresses.
This will only allow users from 127.0.0.1 access to the app. All others will be denied.
This will allow access for users from IP range 127.0.0.0/24, but makes an exception for IP-address 127.0.0.1 which is denied access.
NOTE: the denied is not meant to replace full-blown IP-blocking. Its intended
use is to allow IPB-blocks in allow, then remove one or two specific ones by denying them again.
I.e: to aid the whitelisting, not to be used as a blacklisting. But when using only the denied list, you can have blacklisting. However, the moment you add an allowed address, we add "deny all" to the access configuration.
NOTE: This is not meant to replace access control, nor will it scale well for
large amounts of IP-addresses. The intented use is to open up e.g. a testing version
of an app to a limited set of users.