IP User filter

Purpose


The IP User filter can populate the X-PP-User header (useful for Rate Limiting) using the client's IP address in the request.  The filter can also populate the X-PP-Groups header as defined in configuration.  Prior to Repose 8, this filter did not support using the X-Forwarded-For header in the request (see IP Identity filter instead).  Starting in Repose 8, this filter will correctly use the first value (i.e. the client's IP address) in the X-Forwarded-For header when it is present in the request.

General filter information


Filter name: ip-user

Filter configuration: ip-user.cfg.xml

Release: v7.2.2.0

Prerequisites


HeadersThe IP User filter has no required request headers.

Preceding filtersThe IP User filter has no required preceding filters.

Basic configuration


Optional configuration


Configurable parameters


XML schema definition

Example configuration

The ip-user.cfg.xml file contains the following elements and attributes. Add the filter to your Repose deployment through the system model configuration.

ElementsAttributes

Required/

Optional

Description
<ip-user>-RequiredSpecifies the sub-elements and attributes to define your IP User configuration.
<user-header> Optional

Specifies the header name and quality for the User information (i.e. IP Address).

NOTE: If present, then it must be the first element.

nameOptionalSpecifies the header name. Default: X-PP-User.
qualityOptionalSpecifies the quality to associate with the User information. Default: 0.4
<group-header>-Optional

Specifies the header name and quality for the Group information (i.e. IP Address).

NOTE: If present, then it must be the element directly before the first group element.

nameOptionalSpecifies the header name. Default: X-PP-Groups.
qualityOptionalSpecifies the quality to associate with the Group information. Default: 0.4
<group>-RequiredA group of Classless Inter-Domain Routing (CIDR) addresses.
nameRequiredThe group name associated with these addresses.
<cidr-ip>-RequiredA CIDR formatted address used for matching.

The order of the group elements determines the order in which they are tested. Only the first group that has a CIDR match will be added to the specified group header.

Return codes and conditions


This filter does not return specific response codes. The request will simply pass through to the next filter or to the origin service.

Request headers created


  • X-PP-User will be set to the source IP.  The name of the header can be specified in config.
  • X-PP-Groups will have the value of the first group's name with a matching Classless Inter-Domain Routing (CIDR) address.  If none match, the header will not be added.  The name of the header can be specified in config.