For Sparkle- and XData Server:
It would be great if there would be a property "WhiteList" and "BlackList" where a list of IP Addresses could be inserted.
If the WhiteList as any entries, only these can access the server. All others are refused.
If the BlackList as any entries, these addresses has no more access rights. All others still have.
It should not matter, if the IP Address has correct username and password transferred.
That could be easily implemented by using a middleware. You can just check the IP of the request and return a 404 (or 403) if the IP is not allowed.
This feature will not be implemented.