Skip to content
/ YARP.ReverseProxy.IPFilters Public
forked from bbelius/YARP.ReverseProxy.IPFilters

A customizable IP filtering middleware for YARP, providing fine-grained control over allowed or blocked IPs globally and per-route.

License

MIT license
0 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Elementenfresser/YARP.ReverseProxy.IPFilters

BranchesTags
 
 

Repository files navigation

YARP IP Filter Middleware

A customizable IP filtering middleware for Microsoft's YARP (Yet Another Reverse Proxy) that provides fine-grained control over allowed or blocked IP addresses globally and per-route, ensuring secure and flexible access management.

Features

  • Global IP filtering policies
  • Route-specific IP filtering policies
  • Easy integration with YARP
  • Blocklist and allowlist support
  • Can dynamically reload configuration changes

Installation

Install the package via NuGet:

dotnet add package BBelius.Yarp.ReverseProxy.IPFilters

Usage

  1. Add the IP filter policy provider service to the DI services bootstrapping code:
using BBelius.Yarp.ReverseProxy.IPFilters;
[...]
builder.Services.AddIPFilterPolicies(configuration);
[...]
  1. Add the IP filter middleware to the YARP middleware pipeline:
[...]
// Register the reverse proxy routes
app.MapReverseProxy(proxyPipeline =>
{
   proxyPipeline.UseIPFilterPolicies();
   proxyPipeline.UseLoadBalancing();
   [...]
});
[...]

Recommendation: Add it before any other YARP middleware. Important: Do not add the middleware to the regular ASP.NET Core pipeline, as it requires access to the YARP HttpContext object. More information about the YARP middleware pipeline can be found here.

  1. Configure the IP filter policy provider in your appsettings.json:
{
  "IPFilterConfiguration": {
    "EnableGlobalPolicy": true, // Defaults to false
    "GlobalPolicyName": "Global", // Optional, defaults to "Global"
    "Policies": [
      {
      // Block remote IPs matching the list
        "PolicyName": "Global",
        "Mode": "BlockList",
        "IPAddresses": ["192.168.0.3", "192.168.0.4"]
      },
      {
      // Block remote IPs not within the networks
        "PolicyName": "Intranet", 
        "Mode": "AllowList",
        "IPNetworks": ["192.186.0.0/24"]
      },
      {
        "PolicyName": "TestPolicy",
        "Mode": "Disabled",
        "IPAddresses": ["192.168.0.3", "192.168.0.4"],
        "IPNetworks": ["192.186.0.0/24"]
      }
    ]
  }
}

You can use both, IPNetworks and IPAddresses in a policy. If at least one mathces the filter will be applied.

  1. Configure the YARP routes to use the policies:
{
  "ReverseProxy": {
    "Routes": [
      {
        "RouteId": "route1",
        "ClusterId": "cluster1",
        "Match": {
          "Path": "/{**catch-all}"
        },
        "Metadata": {
          "IPFilterPolicy": "Intranet"
        }
      }
    ]
  }
}

License

This project is licensed under the MIT License - see the LICENSE file for details.

Contributing

Contributions are welcome! Please open an issue or submit a pull request.

About

A customizable IP filtering middleware for YARP, providing fine-grained control over allowed or blocked IPs globally and per-route.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C# 100.0%