Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.draskencloud.com/llms.txt

Use this file to discover all available pages before exploring further.

IP filtering is applied before rate limiting. Configure it via the ip_filter field in any policy.

Allowlist (only listed CIDRs pass)

{
  "ip_filter": {
    "mode": "allow",
    "cidrs": ["10.0.0.0/8", "192.168.1.50/32"]
  }
}
All requests from IPs not in the list receive 403 Forbidden.

Denylist (listed CIDRs are blocked)

{
  "ip_filter": {
    "mode": "deny",
    "cidrs": ["198.51.100.0/24"]
  }
}

Fields

FieldDescription
modeallow — only listed CIDRs pass. deny — listed CIDRs are blocked
cidrsList of CIDR ranges (IPv4 or IPv6)

Apply to an App

curl -X POST http://localhost:9090/api/v1/apps \
  -d '{
    "name": "Internal API",
    "slug": "internal-api",
    "gateway_path": "/internal",
    "default_policy": {
      "ip_filter": {
        "mode": "allow",
        "cidrs": ["10.0.0.0/8", "172.16.0.0/12"]
      }
    }
  }'
When Nexus is behind a load balancer or Kubernetes ingress, set GATEWAY_TRUSTED_PROXY_IPS so the real client IP is extracted from X-Forwarded-For rather than the proxy IP.