API Connect filtering by Source IP
Today someone asked me once again how we can filter calls so that we are able to have an allow list or deny list of APIs for API Calls.
The following assembly can easily be placed in an API, Custom Policy or a Global Policy. I am putting it here to show the rough logic that I used. This would need changing for more complex use cases and so I am not going to publish this as a Global Policy or a Custom Policy. An example of a Global Policy and Custom Policy can be found here https://chrisphillips-cminion.github.io/apiconnect/2023/04/15/hmac-apic.html
The Client IP is available in X-Client-IP
header that is the message object.
let clientip = context.get('message.headers')['X-Client-IP']
console.error('clientip',clientip)
if(clientip.indexOf('173')==0) {
context.reject('CustomError','BLOCKED IP')
}
In the code above we reject any request where the Client IP is starts with 173
. As you can see this code is very simple and it can easily be extended to turn into an allow list or to add multiple IP ranges.