API Connect filtering by Source IP
source link: https://chrisphillips-cminion.github.io/apiconnect/2023/09/01/APIC-IPAD.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
API Connect filtering by Source IP
API Connect filtering by Source IP
Sep 1, 2023 • Category APIConnect by Chris Phillips
Today someone asked me once again how we can filter calls so that we are able to have an allow list or deny list of APIs for API Calls.
The following assembly can easily be placed in an API, Custom Policy or a Global Policy. I am putting it here to show the rough logic that I used. This would need changing for more complex use cases and so I am not going to publish this as a Global Policy or a Custom Policy. An example of a Global Policy and Custom Policy can be found here https://chrisphillips-cminion.github.io/apiconnect/2023/04/15/hmac-apic.html
The Client IP is available in X-Client-IP header that is the message object.
let clientip = context.get('message.headers')['X-Client-IP']
console.error('clientip',clientip)
if(clientip.indexOf('173')==0) {
context.reject('CustomError','BLOCKED IP')
}
In the code above we reject any request where the Client IP is starts with 173. As you can see this code is very simple and it can easily be extended to turn into an allow list or to add multiple IP ranges.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK