17 IP Address Restrictions - Reference Documentation
Authors: Burt Beckwith, Beverley Talbott
Version: 2.0.0
17 IP Address Restrictions
Ordinarily you can guard URLs sufficiently with roles, but the plugin provides an extra layer of security with its ability to restrict by IP address.

Property | Default Value | Meaning |
---|---|---|
ipRestrictions | none | Map of URL patterns to IP address patterns. |

ipRestrictions is a configuration map, where the keys are URL patterns, and the values are IP address patterns that can access those URLs. The IP patterns can be single-value strings, or multi-value lists of strings. They can use CIDR masks, and can specify either IPv4 or IPv6 patterns. For example, given this configuration:

```groovy
grails.plugin.springsecurity.ipRestrictions = [
   '/pattern1/**': '123.234.345.456',
   '/pattern2/**': '10.0.0.0/8',
   '/pattern3/**': ['10.10.200.42', '10.10.200.63']
]
```

pattern1 URLs can be accessed only from the external address 123.234.345.456, pattern2 URLs can be accessed only from a 10.xxx.xxx.xxx intranet address, and pattern3 URLs can be accessed only from 10.10.200.42 or 10.10.200.63. All other URL patterns are accessible from any IP address.

All addresses can always be accessed from localhost regardless of IP pattern, primarily to support local development mode.

You cannot compare IPv4 and IPv6 addresses, so if your server supports both, you need to specify the IP patterns using the address format that is actually being used. Otherwise the filter throws exceptions. One option is to set the java.net.preferIPv4Stack system property, for example, by adding it to JAVA_OPTS or GRAILS_OPTS as -Djava.net.preferIPv4Stack=true.
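
A model of the matching rules described above, written as an added Groovy example and not taken from the plugin's filter: it evaluates a client address against an ipRestrictions-style map, including the localhost exemption and the IPv4/IPv6 mismatch failure. The helper names (ipMatches, urlMatches, allowed), the sample addresses, the handling of only trailing /** URL patterns, and the first-match rule are assumptions.

```groovy
// Added illustration (not the plugin's filter): a pure-JDK model of the rules above.
// Use IP literals only, so InetAddress never performs a DNS lookup.

// True when `client` falls inside `pattern` ("addr" or "addr/prefixLength").
boolean ipMatches(String pattern, String client) {
    def parts = pattern.split('/')
    byte[] net = InetAddress.getByName(parts[0]).address
    byte[] ip = InetAddress.getByName(client).address
    if (net.length != ip.length) {   // IPv4 pattern vs IPv6 client, or the reverse
        throw new IllegalArgumentException("address family mismatch: ${pattern} vs ${client}")
    }
    int bits = parts.length > 1 ? parts[1].toInteger() : net.length * 8
    for (int i = 0; i < net.length && bits > 0; i++) {
        int mask = (0xFF << Math.max(0, 8 - bits)) & 0xFF   // partial mask on the last byte
        if ((net[i] & mask) != (ip[i] & mask)) return false
        bits -= 8
    }
    true
}

// Simplified Ant-style match (assumption): only a trailing "/**" wildcard is handled.
boolean urlMatches(String pattern, String url) {
    pattern.endsWith('/**') ? (url + '/').startsWith(pattern[0..-3]) : url == pattern
}

boolean allowed(Map restrictions, String url, String client) {
    if (InetAddress.getByName(client).isLoopbackAddress()) return true   // localhost always passes
    def rule = restrictions.find { urlMatches(it.key as String, url) }   // first match (assumption)
    if (rule == null) return true                                        // URL is not restricted
    [rule.value].flatten().any { ipMatches(it as String, client) }
}

// Constructed sample map; 203.0.113.7 stands in for the external address in the page's example.
def ipRestrictions = [
    '/pattern1/**': '203.0.113.7',
    '/pattern2/**': '10.0.0.0/8',
    '/pattern3/**': ['10.10.200.42', '10.10.200.63'],
]

assert allowed(ipRestrictions, '/pattern2/report', '10.44.1.9')      // inside 10.0.0.0/8
assert !allowed(ipRestrictions, '/pattern2/report', '192.168.1.9')   // outside the CIDR block
assert allowed(ipRestrictions, '/pattern3/x', '10.10.200.63')        // listed address
assert !allowed(ipRestrictions, '/pattern3/x', '10.10.200.64')       // not in the list
assert allowed(ipRestrictions, '/other', '198.51.100.1')             // unrestricted URL
assert allowed(ipRestrictions, '/pattern1/x', '127.0.0.1')           // localhost exemption
try {
    allowed(ipRestrictions, '/pattern2/x', '2001:db8::1')            // IPv6 client, IPv4 pattern
    assert false
} catch (IllegalArgumentException e) {
    println "mismatch detected: ${e.message}"
}
```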