Access restrictions
============================


.. _ip_based_access_restrictions:

IP-based access restrictions
----------------------------

This section explains where and how IP-based access restrictions are applied in the code.

Before a request is processed further, the system checks whether it is allowed or forbidden:

**ProxyRule.java**

.. code-block:: java

  for (Restriction restriction : restrictions) {
      if (restriction.denies(request)) {
          logger.trace("Request denied. Access forbidden for: {}. ", request.getClientIp());
          return new HandleAction(HttpStatus.SC_FORBIDDEN);
      }
  }

If the address resembles a permitted or forbidden one, the access is regulated accordingly:

**ClientIpRestriction.java**

.. code-block:: java

  @Override
  public boolean denies(HttpRequestMessage request) {
      InetSocketAddress socketAddress = ... ;

      for (IpFilterRule rule : ipFilterRuleList) {
          if (rule.matches(socketAddress)) {
              return rule.ruleType() == IpFilterRuleType.DENY;
          }
      }
      return false;
  }