Skip to main content

Version: 3.2.16.3

Restrict IP Addresses from APIs

You can configure access controls based on IP addresses to prevent unwanted users from accessing your APIs.

This guide will walk you through configuring the ip-restriction plugin on a gateway group as a global rule, to block IP addresses in a blacklist. If a request comes from an IP address in the blacklist, the API7 Gateway will deny the request with a 403 response code. The IP address of the request can be either the actual client IP address or the X-Forwarded-For address.

Prerequisite(s)

  1. Install API7 Enterprise.
  2. Have a running API on the gateway group.

Configure IP Address Restriction on a Gateway Group

When malicious actors are identified, add their IP addresses to the blacklist to restrict their access to your APIs.

  1. Select Plugin Settings of your the gateway group from the side navigation bar.
  2. Select Plugin Global Rules, then click Enable Plugin.
  3. Search for the ip-restriction plugin, then click Enable.
  4. In the dialog box, do the following:
  • Add the following configuration to the JSON Editor to add the IP address 127.0.0.1 to the blacklist:

    {
    "blacklist": ["127.0.0.1"],
    "message": "Sorry, your IP address is not allowed."
    }
  • Click Enable.

Validate

Send a request from the restricted IP address. For this example, 127.0.0.1 was configured as a blacklisted IP address:

curl -i "http://127.0.0.1:9080/ip" 

You will receive a 503 Service Temporarily Unavailable response with the following message:

{"error_msg":"Sorry, your IP address is not allowed."}

Additional Resource(s)


API7.ai Logo

API Management for Modern Architectures with Edge, API Gateway, Kubernetes, and Service Mesh.

Product

API7 Cloud

SOC2 Type IIISO 27001HIPAAGDPRRed Herring

Copyright © APISEVEN Ltd. 2019 – 2024. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the

Apache Software Foundation