diff --git a/.travis.yml b/.travis.yml
index dff5f3a..f5c99a7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1 +1 @@
-language: java
+language: java
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index e795edc..792f389 100644
--- a/pom.xml
+++ b/pom.xml
@@ -75,6 +75,12 @@
hawkj
1.3
+
+
+ commons-net
+ commons-net
+ 3.3
+
diff --git a/src/main/java/com/asquera/elasticsearch/plugins/http/AbstractAuthRestFilter.java b/src/main/java/com/asquera/elasticsearch/plugins/http/AbstractAuthRestFilter.java
index a002f63..8bdcd3a 100644
--- a/src/main/java/com/asquera/elasticsearch/plugins/http/AbstractAuthRestFilter.java
+++ b/src/main/java/com/asquera/elasticsearch/plugins/http/AbstractAuthRestFilter.java
@@ -5,6 +5,7 @@
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
+import org.apache.commons.net.util.SubnetUtils;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.logging.Loggers;
@@ -19,7 +20,7 @@
//# possible http config
//http.basic.user: admin
//http.basic.password: password
-//http.basic.ipwhitelist: ["localhost", "somemoreip"]
+//http.basic.ipwhitelist: ["localhost", "somemoreip" , "192.168.1.0/24"]
//http.basic.xforward: "X-Forwarded-For"
//# if you use javascript
//# EITHER $.ajaxSetup({ headers: { 'Authorization': "Basic " + credentials }});
@@ -110,6 +111,11 @@ protected boolean isInIPWhitelist(RestRequest request) {
// addr, request.path(), request.params());
if (whitelist.isEmpty() || addr.isEmpty())
return false;
+ // Check if there are CIDR in whitelist configuration and then use it!
+ if (addr.contains("/")) {
+ SubnetUtils utils = new SubnetUtils(addr);
+ return utils.getInfo().isInRange(addr);
+ }
return whitelist.contains(addr);
}