API Connect - Filtering requests by source IP with the API Gateway.
I am often asked if there is a way we can limit the range of IPs that we accept calling an API Gateway. This can be done with a GlobalPolicy and a little GatewayScript.
Amit Kumar Singh from my team built some GatewayScript that will do this check.
The GatewayScript will look at the X-Forwarded-For
and X-Client-IP
headers and evaluate if it is in a hard coded CIDR.
GatewayScript is available here.- https://github.ibm.com/Amit-Kumar-Singh11/apic-scripts
I have taken Amit’s code and wrapped it into a GlobalPolicy. This must be applied via the CLI.
I modified the if statement so that if the request does not match, the request is rejected.
Amit also published his code to the IBM community - https://community.ibm.com/community/user/integration/blogs/amit-kumar-singh/2024/11/05/apic-gateway-script-for-check-source-ips-and?CommunityKey=2106cca0-a9f9-45c6-9b28-01a28f4ce947