The consumer-restriction can restrict access to a Service or a Route by either whitelisting or blacklisting consumers. Support single or multiple consumers.
| Name | Requirement | Description |
|---|---|---|
| whitelist | optional | List of consumers to whitelist |
| blacklist | optional | List of consumers to blacklist |
One of whitelist or blacklist must be specified, and they can not work together.
Creates a route or service object, and enable plugin consumer-restriction.
curl http://127.0.0.1:9080/apisix/admin/consumers/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -i -d ' { "username": "jack1", "plugins": { "basic-auth": { "username":"jack2019", "password": "123456" } } }' curl http://127.0.0.1:9080/apisix/admin/consumers/2 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -i -d ' { "username": "jack2", "plugins": { "basic-auth": { "username":"jack2020", "password": "123456" } } }' curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' { "uri": "/index.html", "upstream": { "type": "roundrobin", "nodes": { "127.0.0.1:1980": 1 } }, "plugins": { "basic-auth": {}, "consumer-restriction": { "whitelist": [ "jack1" ] } } }'
Requests from jack1:
$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html HTTP/1.1 200 OK ...
Requests from jack2:
$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i HTTP/1.1 403 Forbidden ... {"message":"You are not allowed"}
When you want to disable the consumer-restriction plugin, it is very simple, you can delete the corresponding json configuration in the plugin configuration, no need to restart the service, it will take effect immediately:
$ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' { "uri": "/index.html", "upstream": { "type": "roundrobin", "nodes": { "127.0.0.1:1980": 1 } }, "plugins": { "basic-auth": {} } }'
The consumer-restriction plugin has been disabled now. It works for other plugins.