Can I add a condition to allow the healthcheck API and not restrict it with any IP address restrictions in the Access Control policy?
<AccessControl async="false" continueOnError="false" enabled="true" name="Access-Control">
  <DisplayName>Access Control</DisplayName>
  <Properties/>
  <IPRules noRuleMatchAction="DENY">
    <MatchRule action="ALLOW">
      <SourceAddress mask="32">x.x.x.x</SourceAddress>
    </MatchRule>
    <MatchRule action = "ALLOW">
      <Step>
        <Condition>(proxy.pathsuffix MatchesPath "/health") and (request.verb = "GET")</Condition>
        <Name>Allow Healthcheck</Name>
      </Step>
    </MatchRule>
  </IPRules>
</AccessControl>
Is this the right way to add a condition? (Editor's Note: No.)
You can add a condition but it does not belong in the policy. Your policy should express the control you want. In this case, something like this:
<AccessControl name="Access-Control">
  <DisplayName>Access Control</DisplayName>
  <IPRules noRuleMatchAction="DENY">
    <MatchRule action="ALLOW">
      <SourceAddress mask="32">x.x.x.x</SourceAddress>
    </MatchRule>
  </IPRules>
</AccessControl>
Then, in the ProxyEndpoint, you must "attach" that step. (This is not strictly true. You can attach that step to a SharedFlow which is connected to a FlowHook, but ... in the simple case, you just attach it into your ProxyEndpoint.) Be sure to attach it in the Request flow, probably in the Request PreFlow. Wrap it in a Condition that evaluates to TRUE when you DO want to enforce the access control. I.e., it evaluates to true when it is NOT a healthcheck API call. It might look like this:
<ProxyEndpoint name='endpoint1'>
  <HTTPProxyConnection>
    <BasePath>/my-base-path</BasePath>
    <Properties/>
    <VirtualHost>secure</VirtualHost>
  </HTTPProxyConnection>
  <FaultRules>...</FaultRules>
  <PreFlow name='PreFlow'>
    <Request>
      <Step>
        <Name>Access-Control</Name>
        <Condition>NOT ((proxy.pathsuffix MatchesPath "/health") and (request.verb = "GET"))</Condition>
      </Step>
    </Request>
    <Response>
      ...
    </Response>
  </PreFlow>
  <PostFlow name='PostFlow'>...</PostFlow>
  <Flows>...</Flows>
  <RouteRule ...> ...</RouteRule>
</ProxyEndpoint>
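An added example, not part of the original thread and not Apigee tooling: a small Python check that could run over a proxy bundle before deployment to catch the mistake in the question (a Step inside a MatchRule) and to confirm that the Access-Control step is attached in the Request PreFlow with a Condition. The sample XML is constructed from the snippets above, the function names are hypothetical, and the rule that a MatchRule holds only SourceAddress elements is an assumption taken from the corrected policy in the answer.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs modeled on the snippets in this thread.
BAD_POLICY = """<AccessControl name="Access-Control">
  <IPRules noRuleMatchAction="DENY">
    <MatchRule action="ALLOW"><SourceAddress mask="32">x.x.x.x</SourceAddress></MatchRule>
    <MatchRule action="ALLOW">
      <Step><Condition>(proxy.pathsuffix MatchesPath "/health")</Condition></Step>
    </MatchRule>
  </IPRules>
</AccessControl>"""

GOOD_POLICY = """<AccessControl name="Access-Control">
  <IPRules noRuleMatchAction="DENY">
    <MatchRule action="ALLOW"><SourceAddress mask="32">x.x.x.x</SourceAddress></MatchRule>
  </IPRules>
</AccessControl>"""

ENDPOINT = """<ProxyEndpoint name="endpoint1"><PreFlow name="PreFlow"><Request>
  <Step>
    <Name>Access-Control</Name>
    <Condition>NOT ((proxy.pathsuffix MatchesPath "/health") and (request.verb = "GET"))</Condition>
  </Step>
</Request></PreFlow></ProxyEndpoint>"""


def policy_findings(policy_xml):
    """Flag MatchRule children other than SourceAddress (e.g. a misplaced Step)."""
    root = ET.fromstring(policy_xml)
    findings = []
    for i, rule in enumerate(root.findall("./IPRules/MatchRule"), start=1):
        for child in rule:
            if child.tag != "SourceAddress":
                findings.append(f"MatchRule #{i}: unexpected <{child.tag}>")
        if rule.find("SourceAddress") is None:
            findings.append(f"MatchRule #{i}: no <SourceAddress>")
    return findings


def preflow_attachment(endpoint_xml, policy_name):
    """Return (attached, condition) for the policy in the Request PreFlow."""
    root = ET.fromstring(endpoint_xml)
    for step in root.findall("./PreFlow/Request/Step"):
        if step.findtext("Name", "").strip() == policy_name:
            cond = step.findtext("Condition")
            return True, cond.strip() if cond else None
    return False, None
```

A result of `(True, None)` from `preflow_attachment` means the policy runs on every request, healthcheck included; `(False, None)` means it is not attached in the Request PreFlow at all.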