That isn’t what I expected, there was not whitelist or blacklist specified in the API, it was not intended for you to add a whitelist configuration to the API, I wanted to see the results of the call from the API as-is.
To give you some background, the whitelist IP function calculates the source IP using a few methods, trying one after another (the calculated value is held in the request context variable and reused if needed):
- The value of the X-Real-IP header
- The first value in the list of IPs included in the X-Forwarded-For header
- The address of the peer device connecting to the Gateway
You can even review this functionality, as RealIP() can be seen in GitHub as part of the gateway project.
Since the first two attempts are derived from incoming HTTP headers, the API I offered exposes the relevant headers to examine the values. I don’t believe you are using the IP Whitelisting incorrect, so therefore examining the data that feeds into the IP Whitelisting check is the next step. If you call the API I uploaded without adding any Whitelisting or Blacklisting it adds the headers to the request, and the httpbin response will include this information, and it can be determined if the value supplied is relevant and causing the Whitelist IP functionality to act abnormally for you.
Best Regards,
Chris