Solved: Re: Can you define Access control policy to whitel...

adamsanchez · 07-27-2021 04:44 AM

I have an API proxy that uses basic auth with username in the Curl for access and making requests (request.queryparam.username="joe.bloggs") and was wanting to specify for the user specific whitelist ip's for them but cannot seem to get this working for a specific username.

Ive tried adding a condition with (request.queryparam.username="joe.bloggs") and then whats allowed whitelisted from them but not having any luck at all as seems to ignore the query parameter username.

Is there anyway to specifically target a specific username ensuring that they only get access if coming from a specific ip address ? (and off course not affect the entire proxy for everyone else but also denying access for that username if not coming from the whitelisted ip's )

So taking the below from Apigees reference yes i can allow the required IP addresses but can i specifically define a user by username (request.queryparam.username="joe.bloggs") so that it doesnt affect the entire proxy but only for a specific user :

<AccessControl name="ACL">
  <IPRules noRuleMatchAction = "DENY">
    <MatchRule action = "ALLOW">
      <SourceAddress mask="24">198.51.100.1</SourceAddress>
      <SourceAddress mask="24">192.0.2.1</SourceAddress>
      <SourceAddress mask="24">203.0.113.1</SourceAddress>
     </MatchRule>
  </IPRules>
</AccessControl>

dchiesa1

Ive tried adding a condition with (request.queryparam.username="joe.bloggs") and then whats allowed whitelisted from them but not having any luck at all as seems to ignore the query parameter username.

What you're trying to do makes sense. It should work, should be straightforward.

It should look like this:

  <PreFlow name="PreFlow">
    <Request>
      <Step>
        <Name>ACL</Name>
        <Condition>request.queryparam.username = "joe.bloggs"</Condition>
      </Step>
    </Request>
    <Response/>
  </PreFlow>

If you can't get it working, Show what you've got for the condition and step. and the full proxy endpoint, with all of the flows, if you don't mind.

Also, show how you are sending the request. Curl? something else?

View solution in original post

sillan_dt

set the condition as

request.queryparam.username = "joe.bloggs"

you are missing space to both sides of =

View solution in original post

dchiesa1

Ive tried adding a condition with (request.queryparam.username="joe.bloggs") and then whats allowed whitelisted from them but not having any luck at all as seems to ignore the query parameter username.

What you're trying to do makes sense. It should work, should be straightforward.

It should look like this:

  <PreFlow name="PreFlow">
    <Request>
      <Step>
        <Name>ACL</Name>
        <Condition>request.queryparam.username = "joe.bloggs"</Condition>
      </Step>
    </Request>
    <Response/>
  </PreFlow>

If you can't get it working, Show what you've got for the condition and step. and the full proxy endpoint, with all of the flows, if you don't mind.

Also, show how you are sending the request. Curl? something else?

adamsanchez

Thank you as yes was the spacing i was having issues with as works now with :

<Condition>request.queryparam.username equals "joe.bloggs"</Condition>

<Condition>request.queryparam.username = "joe.bloggs"</Condition>

sillan_dt

set the condition as

request.queryparam.username = "joe.bloggs"

you are missing space to both sides of =

adamsanchez

Thanks as yes was the spacing i was having issues with as works now with :

<Condition>request.queryparam.username equals "joe.bloggs"</Condition>

<Condition>request.queryparam.username = "joe.bloggs"</Condition>

Can you define Access control policy to whitelist IP addresses for a specific username ?