API Connect filtering by Source IP

Today someone asked me once again how we can filter calls so that we are able to have an allow list or deny list of APIs for API Calls.

The following assembly can easily be placed in an API, Custom Policy or a Global Policy. I am putting it here to show the rough logic that I used. This would need changing for more complex use cases and so I am not going to publish this as a Global Policy or a Custom Policy. An example of a Global Policy and Custom Policy can be found here https://chrisphillips-cminion.github.io/apiconnect/2023/04/15/hmac-apic.html

The Client IP is available in X-Client-IP header that is the message object.

let clientip = context.get('message.headers')['X-Client-IP']

console.error('clientip',clientip)

if(clientip.indexOf('173')==0) {
    context.reject('CustomError','BLOCKED IP')
}

In the code above we reject any request where the Client IP is starts with 173. As you can see this code is very simple and it can easily be extended to turn into an allow list or to add multiple IP ranges.

Chris Phillips’ Blog - API, Integration and Governance

Home

About

Search

Categories

Guest Authors

API Connect filtering by Source IP

ABOUT	APICONNECT	API	DATAPOWER	OPENSHIFT	EVENTSTREAMS	INTEGRATION	DAY2-OPS	ACE
*All opinions expressed here are very much my own or of the author of the article, not those of IBM. All Code provided is provide as is with no support unless otherwise stated.*