This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Dynmic IP Whitelisting

Posted on 11-14-2021 10:55 PM
ankitkrsingha
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Hi All,

I'm looking into IP whitelisting using KVM javascript instead of using the ACL policy, as I'm expecting a dynamic IP array from KVM and as ACL cannot work with an IP array I'm thinking to use JS to check the KVM IP against the X-forwarded-for IP

Please suggest how much feasible is this approach, would there be any issue with Message Processors handling IP..?
If so, what alternate solution can be employed here?

cc: @DChiesa 

0 1 69
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Please suggest how much feasible is this approach,

Very feasible.

No problem doing this. You'll need to take care parsing the X-F-F header, to select the "right" IP Address.

Within the JS policy you can simply throw an exception , in the case of a disallowed IP address. And then use a FaultRule to handle the exception in the proxy. There are prior examples of this, I think, posted here on community in the history. I suggest you search for some examples. (I haven't searched myself, I just have a vague memory that this topic has been covered in the past here on the Apigee community forum).

0 Likes