BBelius.Yarp.ReverseProxy.IPFilters
1.2.0
dotnet add package BBelius.Yarp.ReverseProxy.IPFilters --version 1.2.0
NuGet\Install-Package BBelius.Yarp.ReverseProxy.IPFilters -Version 1.2.0
<PackageReference Include="BBelius.Yarp.ReverseProxy.IPFilters" Version="1.2.0" />
paket add BBelius.Yarp.ReverseProxy.IPFilters --version 1.2.0
#r "nuget: BBelius.Yarp.ReverseProxy.IPFilters, 1.2.0"
// Install BBelius.Yarp.ReverseProxy.IPFilters as a Cake Addin #addin nuget:?package=BBelius.Yarp.ReverseProxy.IPFilters&version=1.2.0 // Install BBelius.Yarp.ReverseProxy.IPFilters as a Cake Tool #tool nuget:?package=BBelius.Yarp.ReverseProxy.IPFilters&version=1.2.0
YARP IP Filter Middleware
A customizable IP filtering middleware for Microsoft's YARP (Yet Another Reverse Proxy) that provides fine-grained control over allowed or blocked IP addresses globally and per-route, ensuring secure and flexible access management.
Features
- Global IP filtering policies
- Route-specific IP filtering policies
- Easy integration with YARP
- Blocklist and allowlist support
- Can dynamically reload configuration changes
Installation
Install the package via NuGet:
dotnet add package BBelius.Yarp.ReverseProxy.IPFilters
Usage
- Add the IP filter policy provider service to the DI services bootstrapping code:
using BBelius.Yarp.ReverseProxy.IPFilters;
[...]
builder.Services.AddIPFilterPolicies(configuration);
[...]
- Add the IP filter middleware to the YARP middleware pipeline:
[...]
// Register the reverse proxy routes
app.MapReverseProxy(proxyPipeline =>
{
proxyPipeline.UseIPFilterPolicies();
proxyPipeline.UseLoadBalancing();
[...]
});
[...]
Recommendation: Add it before any other YARP middleware.
Important: Do not add the middleware to the regular ASP.NET Core pipeline, as it requires access to the YARP HttpContext object.
More information about the YARP middleware pipeline can be found here.
- Configure the IP filter policy provider in your
appsettings.json:
{
"IPFilterConfiguration": {
"EnableGlobalPolicy": true, // Defaults to false
"GlobalPolicyName": "Global", // Optional, defaults to "Global"
"Policies": [
{
// Block remote IPs matching the list
"PolicyName": "Global",
"Mode": "BlockList",
"IPAddresses": ["192.168.0.3", "192.168.0.4"]
},
{
// Block remote IPs not within the networks
"PolicyName": "Intranet",
"Mode": "AllowList",
"IPNetworks": ["192.186.0.0/24"]
},
{
"PolicyName": "TestPolicy",
"Mode": "Disabled",
"IPAddresses": ["192.168.0.3", "192.168.0.4"],
"IPNetworks": ["192.186.0.0/24"]
}
]
}
}
You can use both, IPNetworks and IPAddresses in a policy. If at least one mathces the filter will be applied.
- Configure the YARP routes to use the policies:
{
"ReverseProxy": {
"Routes": [
{
"RouteId": "route1",
"ClusterId": "cluster1",
"Match": {
"Path": "/{**catch-all}"
},
"Metadata": {
"IPFilterPolicy": "Intranet"
}
}
]
}
}
License
This project is licensed under the MIT License - see the LICENSE file for details.
Contributing
Contributions are welcome! Please open an issue or submit a pull request.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net6.0
- Yarp.ReverseProxy (>= 2.1.0)
-
net7.0
- Yarp.ReverseProxy (>= 2.1.0)
-
net8.0
- Yarp.ReverseProxy (>= 2.1.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
### Added
- .Net 8 as target framework
### Fixed
- Ambiguous use of `IPNetwork` when targeting .Net 8