API Connect - Filtering requests by source IP with the API Gateway.

I am often asked if there is a way we can limit the range of IPs that we accept calling an API Gateway. This can be done with a GlobalPolicy and a little GatewayScript.

Amit Kumar Singh from my team built some GatewayScript that will do this check.

The GatewayScript will look at the X-Forwarded-For and X-Client-IP headers and evaluate if it is in a hard coded CIDR.

GatewayScript is available here.- https://github.ibm.com/Amit-Kumar-Singh11/apic-scripts

I have taken Amit’s code and wrapped it into a GlobalPolicy. This must be applied via the CLI.

I modified the if statement so that if the request does not match, the request is rejected.

Amit also published his code to the IBM community - https://community.ibm.com/community/user/integration/blogs/amit-kumar-singh/2024/11/05/apic-gateway-script-for-check-source-ips-and?CommunityKey=2106cca0-a9f9-45c6-9b28-01a28f4ce947

Chris Phillips’ Blog - API, Integration and Governance

Home

About

Search

Categories

Guest Authors

API Connect - Filtering requests by source IP with the API Gateway.

ABOUT	APICONNECT	API	DATAPOWER	OPENSHIFT	EVENTSTREAMS	INTEGRATION	DAY2-OPS	ACE
*All opinions expressed here are very much my own or of the author of the article, not those of IBM. All Code provided is provide as is with no support unless otherwise stated.*