accesscontrol plugin allows IPs that are NOT in the allow list.

[swilliams11]

If you send a request from an IP address and that IP is not listed in the allow list, then this plugin still allows the request to continue. It should fail in this instance.

Can we update this plugin, lines 24 - 26, as shown below?
https://github.com/apigee/microgateway-plugins/blob/master/accesscontrol/index.js#L24

if (scanIP(config.allow, sourceIP)) {
allow = true;
} else {
allow = false;
}

We should also update lines 30 - 33 as shown below.
https://github.com/apigee/microgateway-plugins/blob/master/accesscontrol/index.js#L30

if (scanIP(config.deny, sourceIP)) {
debug ('deny incoming message');
deny = true;
} else {
deny = false;
}

[jithinrjv]

swilliams, Any update on fixing this issue? Even i have tested the plugin and its looks like its not working as expected.