IP Blacklist

 

IP Blacklist policy controls access to a configured API endpoint from a single IP address or a range of IP addresses.

To Start with we will create an mulesoft application and connect it with API manager – please see how we can connect the mulesoft application to API Manager

After deployment of application in Cloudhub the API manager configuration will come as Active

IP Blacklist

 

Now we will apply the policy

IP Blacklist

 

Select IP blacklist

IP Blacklist

 

Now update the policy configuration

IP Blacklist

 

IP expression – this is the expression from where the policy will source the IP address from incoming request

So here also we have two way of capturing incoming request’s IP address

  • The API is behind the Dedicated Load Balancer (DLB) or Shared Load Balancer (SLB)

We use attributes.headers[‘X-Forwarded-For’] as this will hold the actual originator IP address. This is populated by the proxy services or load balancer when they route it to actual target

  • The request hits the worker of the API directly

We use attributes.remoteAddress as this will host the Client IP address

In case of above scenario attributes.remoteAddress will hold the IP address of the Proxy server or Load balancer

Blacklist

This can be your IP address or IP range

 

Now if I look for my IP address then it’s come out to be

IP Blacklist

 

Let’s update the IP blacklist configuration

#[attributes.headers[‘X-Forwarded-For’]] for IP expression and My IP address as Blacklist IP

 

Click apply

 

Now if I hit this API then I’ll get

 

To understand the attributes.headers[‘X-Forwarded-For’] and attributes.remoteAddress better then we will add the log for these two attributes value

 

Now if we look into the Cloudhub logs

 

18.219.185.76:18162 and /13.59.208.11:28936 are both remoteAddress whereas 106.210.75.203 is X-Forwarded-For or Originator address

As we are using Cloudhub shared load balancer so that’s why remoteAddress is changing as per forwarding Load balancer

Sample mule application – sample-rest-service-ip-blacklist

SOAP UI application – sample-rest-service-ip-black-soapui-project

  
Thank you for taking out time to read the above post. Hope you found it useful. In case of any questions, feel free to comment below. Also, if you are keen on knowing about a specific topic, happy to explore your recommendations as well.
 
For any latest updates or posts on our website, you can follow us on LinkedIn. Look forward to connecting with you there.


Share this:
Subscribe
Notify of
guest
1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Rizwan
Rizwan
1 year ago

Very Useful
Thank You