Skip to content

access-control-list

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

access-control-list

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
apis.yaml
apis.yaml
 
 
membrane.cmd
membrane.cmd
 
 
membrane.sh
membrane.sh
 
 
proxies.xml
proxies.xml
 
 

README.md

ACCESS CONTROL

The accessControl plugin lets you restrict who can call your APIs. Rules can match the client by IP address (IPv4/IPv6, optional CIDR) or by hostname (regex). Rules are evaluated top to bottom. The first matching rule decides. If nothing matches, access is denied.

RUNNING THE EXAMPLE

  1. Start Membrane from this directory: 
    ./membrane.sh
    or on Windows: 
    membrane.cmd
  2. Call the API on port 2000 (allowed for everyone): 
    curl http://localhost:2000/
  3. Call /products (allowed on localhost): 
    curl http://localhost:2000/products
  4. Call /vendors (denied for localhost): 
    curl http://localhost:2000/vendors
  5. Open the apis.yaml file to see how the three API routes are defined and how accessControl is applied per route.

Notes:

  • Hostname rules are regexes matched against the peer hostname (resolved only when hostname rules exist).
  • IP rules support CIDR (e.g., 10.0.0.0/8, 2001:db8::/64), and work for both IPv4 and IPv6.

See: