Skip to content
This repository has been archived by the owner on Mar 4, 2019. It is now read-only.

Adding regex support in the IP whitelist #51

Closed
wants to merge 2 commits into from

Conversation

mattk42
Copy link

@mattk42 mattk42 commented Jul 9, 2015

These changes add support for regex values in the ip whitelist config, identified by a leading tilda (~). This is useful in cases where you want to allow all traffic from a specific subnet to access elasticsearch without authentication.

This was accomplished by implementing the whitelist as an object array and then checking the types and doing what is appropriate in the contains methods.

@Xylakant
Copy link
Member

Xylakant commented Jul 9, 2015

I support the idea, but if we want to provide that functionality we should really use proper CIDR notation with a netmask.

@mattk42
Copy link
Author

mattk42 commented Jul 9, 2015

I do agree, I hacked this together yesterday to get a project I am working on moving. But I did realize afterwards that CIDR would have been nice.

Looks like Apache's SubnetUtils library will make this easy (http://commons.apache.org/proper/commons-net/apidocs/org/apache/commons/net/util/SubnetUtils.SubnetInfo.html). I will take a look at moving to that in the next week or so.

@emig
Copy link

emig commented Jul 9, 2015

@mattk42 There is this PR #33 with misleading title that allows CIDR on the whitelist. Was planning to take a look at it tomorrow and eventually merge it

@mattk42
Copy link
Author

mattk42 commented Jul 9, 2015

Ah, must have missed that one. That works for me, I'll go ahead and close this PR. Thanks!

@mattk42 mattk42 closed this Jul 9, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants