Tuesday, October 3, 2017

Whitelisting and Blacklisting IPs for APIs in API Manager

We often come across scenarios where we need to:
  • Whitelist an IP for an API (limiting API access to a given IP only)
  • Blacklist an IP for an API (blocking API access for a given IP/IPs only)
WSO2 API Manager 2.0.0 and 2.1.0 allow you to achieve whitelisting/blacklisting via the features provided by WSO2 API Traffic Manager.

Let's look at both use cases and how to implement each one in API Manager.

Whitelisting an IP

Suppose you want to restrict the API to the IP address '10.100.5.103' and block access from all other IPs. We can use an advanced throttling policy to achieve this. Please follow the steps below.

1. Log in to the Admin Portal using the URL https://localhost:9443/admin and your admin credentials.

2. Select Throttling Policies > Advanced Throttling Policies.

3. To add a new tier, click Add Tier.

4. Fill in the basic details, such as the tier name and description, and click Add Conditional Group to add throttling conditions to the policy.

5. Click on the conditional group to add its details.

6. Fill in the conditional group details. Enable the IP condition and specify the IP that you need to whitelist. Then enable the invert condition and set the throttling limit to 0; with these settings, the gateway will not serve any request coming from an IP other than the whitelisted IP. After filling in the details, click Save.

The policy is now created, and you need to engage it with the particular API that you need to whitelist.

To do that:
1. Log in to the API Publisher at http://localhost:9443/publisher

2. In the 'Manage' tab of the API create/update window, enable advanced throttling for the API and select the throttling policy that we created before.

3. Save and publish the API.

Now the API will be accessible only from the IP/IPs specified in the throttling policy.

Note: Since it takes some time to deploy the policy, the first few requests from IPs other than the whitelisted IP/IPs will be allowed to pass through. After the policy is successfully deployed, access from non-whitelisted IPs will be blocked.
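Because of the deployment delay described in the note above, it is worth checking which requests from non-whitelisted IPs were actually served before the policy took effect. The following is an added example, not part of the original post or of WSO2's code: it audits access-log lines for 2xx responses sent to IPs outside the whitelist. The log layout (Common Log Format), the API context /orders/, the status codes and all sample lines are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample lines in Common Log Format (assumed layout, not real WSO2 output).
SAMPLE_LOG = """\
10.100.5.103 - - [03/Oct/2017:10:00:01 +0000] "GET /orders/1.0 HTTP/1.1" 200 512
10.100.5.77 - - [03/Oct/2017:10:00:02 +0000] "GET /orders/1.0 HTTP/1.1" 200 512
10.100.5.77 - - [03/Oct/2017:10:00:03 +0000] "GET /orders/1.0 HTTP/1.1" 200 512
192.168.1.20 - - [03/Oct/2017:10:00:04 +0000] "GET /orders/1.0 HTTP/1.1" 429 96
10.100.5.103 - - [03/Oct/2017:10:00:05 +0000] "GET /orders/1.0 HTTP/1.1" 200 512
10.100.5.77 - - [03/Oct/2017:10:00:06 +0000] "GET /orders/1.0 HTTP/1.1" 429 96
not a log line
"""

# client IP, timestamp, method, path, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def audit_whitelist(log_text, allowed, api_context):
    """Return (leaked, last_leak_time) for 2xx responses sent to non-whitelisted IPs.

    allowed: whitelisted IPs or CIDR ranges; api_context: path prefix of the API
    the throttling policy is engaged with (hypothetical value in this example).
    """
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    leaked, last_leak = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse as an access-log entry
        ip_s, when, _method, path, status = m.groups()
        if not path.startswith(api_context):
            continue  # request was for a different API
        try:
            ip = ipaddress.ip_address(ip_s)
        except ValueError:
            continue  # client field is not an IP address
        if any(ip in n for n in nets):
            continue  # whitelisted caller, expected to be served
        if 200 <= int(status) < 300:
            leaked.append((when, ip_s, path))
            last_leak = when  # log is chronological, so this ends as the latest leak
    return leaked, last_leak


if __name__ == "__main__":
    leaks, last = audit_whitelist(SAMPLE_LOG, ["10.100.5.103"], "/orders/")
    print(len(leaks), "served request(s) from non-whitelisted IPs; last at", last)
```

If served requests from non-whitelisted IPs keep appearing long after the policy was saved, the policy is not engaged with that API or has not been deployed.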

Blacklisting an IP

Please refer to https://docs.wso2.com/display/AM210/Managing+Throttling#ManagingThrottling-Blacklistingrequests for how to blacklist an IP.
