IP Filter Plugin

The IP Filter plugin allows you to restrict access to your endpoints based on the client’s IP address. This is ideal for internal APIs, partner integrations, or securing administrative interfaces.

⚙️ Configuration

The plugin supports both allowlist and denylist strategies.

- urn: "urn:crate:plugin:ip-filter"
  name: "internal-allowlist"
  type: "request_filter"
  active: true
  config:
    allow: 
      - "127.0.0.1"
      - "192.168.1.0/24"
    deny:
      - "8.8.8.8"

Field Definitions

Field	Type	Description
`allow`	[]string	List of IP addresses or CIDR blocks that are permitted.
`deny`	[]string	List of IP addresses or CIDR blocks that are rejected.

[!NOTE] If both allow and deny are provided, the deny list is checked first. If the IP is not in either list, access is denied by default if an allow list is present.

🚀 Examples

1. Allow only Internal Traffic

config:
  allow: ["10.0.0.0/8"]

2. Block Known Malicious IPs

config:
  deny: ["1.2.3.4", "5.6.7.8"]