IPSecurityManager / IPConfig is not a widely used feature. Trend goes further towards filtering IPs on a higher level, in front of Magnolia itself, at least for IP concerns. On the other hand, allowed-method concerns should leverage CORS to control resource access.

Therefore I'm proposing to deprecate the IPSecurityManager, and extract it along with its filter to a new community module, outside of magnolia-core.

The new module should consider external file-based configuration instead (in order to decouple from runtime changes and recover from lock-out scenarios).