IP Blacklist
The IP Blacklist policy controls access to a configured API endpoint from a single IP address or a range of IP addresses.
To start with, we will create a MuleSoft application and connect it to API Manager – please see how we can connect the MuleSoft application to API Manager.
After the application is deployed to CloudHub, the API Manager configuration shows as Active.
Now we will apply the policy
Select IP blacklist
Now update the policy configuration
IP expression – this is the expression from which the policy sources the IP address of the incoming request.
Here too there are two ways of capturing the incoming request's IP address:
- The API is behind the Dedicated Load Balancer (DLB) or Shared Load Balancer (SLB)
We use attributes.headers['X-Forwarded-For'], as this holds the actual originator IP address. It is populated by the proxy service or load balancer when it routes the request to the actual target.
- The request hits the worker of the API directly
We use attributes.remoteAddress, as this holds the client IP address.
In the load balancer scenario above, attributes.remoteAddress instead holds the IP address of the proxy server or load balancer.
Blacklist
This can be your IP address or IP range
Now if I look up my IP address, it comes out to be
Let's update the IP blacklist configuration:
#[attributes.headers['X-Forwarded-For']] for the IP expression and my IP address as the blacklisted IP
Click apply
Now if I hit this API then I’ll get
To understand attributes.headers['X-Forwarded-For'] and attributes.remoteAddress better, we will add a log of these two attribute values.
Now if we look into the Cloudhub logs
18.219.185.76:18162 and /13.59.208.11:28936 are both remoteAddress whereas 106.210.75.203 is X-Forwarded-For or Originator address
Because we are using the CloudHub shared load balancer, remoteAddress changes with whichever load balancer forwards the request.
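The effect of choosing one IP expression or the other, as an added Python sketch that is not part of the original post and not MuleSoft's policy code. The function names are hypothetical; checking every address in a multi-value X-Forwarded-For header and denying on an unparsable address are assumptions of this example, not documented policy behaviour.

```python
import ipaddress

def parse_remote_address(remote):
    # Mule logs remoteAddress as "host:port", sometimes with a leading "/".
    # Assumption: IPv4, as in the log lines quoted on this page.
    return ipaddress.ip_address(remote.lstrip("/").rsplit(":", 1)[0])

def forwarded_addresses(xff):
    # X-Forwarded-For can carry a comma-separated chain of addresses.
    return [ipaddress.ip_address(p.strip()) for p in xff.split(",") if p.strip()]

def evaluate(headers, remote_address, blacklist, behind_load_balancer):
    """Return "DENY" or "ALLOW" for one request (hypothetical helper)."""
    networks = [ipaddress.ip_network(e, strict=False) for e in blacklist]
    try:
        xff = headers.get("X-Forwarded-For") if behind_load_balancer else None
        if xff:
            candidates = forwarded_addresses(xff)   # originator chain
        else:
            candidates = [parse_remote_address(remote_address)]  # socket peer
    except ValueError:
        return "DENY"  # assumption: fail closed on an unparsable address
    hit = any(addr in net for addr in candidates for net in networks)
    return "DENY" if hit else "ALLOW"

# Constructed requests reusing the addresses from the CloudHub log above.
SAMPLE = [
    ({"X-Forwarded-For": "106.210.75.203"}, "18.219.185.76:18162"),
    ({"X-Forwarded-For": "106.210.75.203"}, "/13.59.208.11:28936"),
]

def run_sample(blacklist, behind_load_balancer):
    return [evaluate(h, r, blacklist, behind_load_balancer) for h, r in SAMPLE]

if __name__ == "__main__":
    print(run_sample(["106.210.75.203"], True))    # expression on X-Forwarded-For
    print(run_sample(["106.210.75.203"], False))   # expression on remoteAddress
    print(run_sample(["106.210.75.0/24"], True))   # range instead of single IP
```

When the expression reads remoteAddress behind the shared load balancer, the blacklisted originator is not matched, because only the load balancer's address is compared against the list.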
Sample mule application – sample-rest-service-ip-blacklist
SOAP UI application – sample-rest-service-ip-black-soapui-project
Very Useful
Thank You