Access restrictions

IP-based access restrictions

This section explains where and how IP-based access restrictions are applied in the code.

Before a request is processed further, the system checks whether it is allowed or forbidden:

ProxyRule.java

for (Restriction restriction : restrictions) {
    if (restriction.denies(request)) {
        logger.trace("Request denied. Access forbidden for: {}. ", request.getClientIp());
        return new HandleAction(HttpStatus.SC_FORBIDDEN);
    }
}

If the address resembles a permitted or forbidden one, the access is regulated accordingly:

ClientIpRestriction.java

@Override
public boolean denies(HttpRequestMessage request) {
    InetSocketAddress socketAddress = ... ;

    for (IpFilterRule rule : ipFilterRuleList) {
        if (rule.matches(socketAddress)) {
            return rule.ruleType() == IpFilterRuleType.DENY;
        }
    }
    return false;
}