|
| 1 | +IP groups is a feature to organize lists of allowed and forbidden IP addresses in several lists with common attributes. |
| 2 | +With this enhancement, users have more control over how a unique policy setting is applied to incoming requests with a specific IP address. |
| 3 | +Each IP Group contains a unique name, enforcement type (always, never and policy-default), list of IP addresses. |
| 4 | + |
| 5 | +An example of a declarative policy using IP Groups configuration: |
| 6 | + |
| 7 | +```json |
| 8 | +{ |
| 9 | + "policy": { |
| 10 | + "name": "IpGroups_policy", |
| 11 | + "template": { |
| 12 | + "name": "POLICY_TEMPLATE_NGINX_BASE" |
| 13 | + }, |
| 14 | + "applicationLanguage": "utf-8", |
| 15 | + "caseInsensitive": false, |
| 16 | + "enforcementMode": "blocking", |
| 17 | + "ip-address-lists": [ |
| 18 | + { |
| 19 | + "name": "Standalone", |
| 20 | + "description": "Optional Description", |
| 21 | + "blockRequests": "policy-default", |
| 22 | + "setGeolocation": "IN", |
| 23 | + "ipAddresses": [ |
| 24 | + { |
| 25 | + "ipAddress": "1.2.3.4/32" |
| 26 | + }, |
| 27 | + { |
| 28 | + "ipAddress": "1111:fc00:0:112::2" |
| 29 | + } |
| 30 | + ] |
| 31 | + } |
| 32 | + ] |
| 33 | + } |
| 34 | +} |
| 35 | + |
| 36 | +``` |
| 37 | +The example with IP-Group definition in external file external_ip_groups.json |
| 38 | + |
| 39 | +```json |
| 40 | +{ |
| 41 | + "policy": { |
| 42 | + "name": "IpGroups_policy2", |
| 43 | + "template": { |
| 44 | + "name": "POLICY_TEMPLATE_NGINX_BASE" |
| 45 | + }, |
| 46 | + "applicationLanguage": "utf-8", |
| 47 | + "caseInsensitive": false, |
| 48 | + "enforcementMode": "blocking", |
| 49 | + "ip-address-lists": [ |
| 50 | + { |
| 51 | + "name": "external_ip_groups", |
| 52 | + "description": "Optional Description", |
| 53 | + "blockRequests": "always", |
| 54 | + "setGeolocation": "IL", |
| 55 | + "ipAddresses": [ |
| 56 | + { |
| 57 | + "ipAddress": "31.8.194.27" |
| 58 | + } |
| 59 | + ], |
| 60 | + "$ref": "file:///tmp/policy/external_ip_groups.json" |
| 61 | + } |
| 62 | + ] |
| 63 | + } |
| 64 | +} |
| 65 | +``` |
| 66 | +Example of the file external_ip_groups.json |
| 67 | + |
| 68 | +```json |
| 69 | +{ |
| 70 | + "name": "External Ip Groups List", |
| 71 | + "description": "Optional Description", |
| 72 | + "blockRequests": "always", |
| 73 | + "setGeolocation": "IR", |
| 74 | + "ipAddresses": [ |
| 75 | + { |
| 76 | + "ipAddress": "66.51.41.21" |
| 77 | + }, |
| 78 | + { |
| 79 | + "ipAddress": "66.52.42.22" |
| 80 | + } |
| 81 | + ] |
| 82 | +} |
| 83 | +``` |
0 commit comments