{ Community }
  • Academy
  • Docs
  • Developers
  • Resources
    • Community Articles
    • Apigee on GitHub
    • Code Samples
    • Videos & eBooks
    • Accelerator Methodology
  • Support
  • Ask a Question
  • Spaces
    • Product Announcements
    • General
    • Edge/API Management
    • Developer Portal (Drupal-based)
    • Developer Portal (Integrated)
    • API Design
    • APIM on Istio
    • Extensions
    • Business of APIs
    • Academy/Certification
    • Adapter for Envoy
    • Analytics
    • Events
    • Hybrid
    • Integration (AWS, PCF, Etc.)
    • Microgateway
    • Monetization
    • Private Cloud Deployment
    • 日本語コミュニティ
    • Insights
    • IoT Apigee Link
    • BaaS/Usergrid
    • BaaS Transition/Migration
    • Apigee-127
    • New Customers
    • Topics
    • Questions
    • Articles
    • Ideas
    • Leaderboard
    • Badges
  • Log in
  • Sign up

Get answers, ideas, and support from the Apigee Community

  • Home /
  • Edge/API Management /
avatar image
0
Question by Sri · Mar 08, 2016 at 04:13 PM · 759 Views access control policyip

IP Whitelisting

Hello there,

I want to block access to a new API, to a few IPs of our organisation. I know I can use the "Access Control policy" for the same. Is there a different way to do it? I mean without having to refer to the IP addresses in the API code. Thanks.

Comment
Add comment Show 1
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Carlos Eberhardt ♦ · Mar 08, 2016 at 04:18 PM 0
Link

Could you clarify the question? It sounds like you're asking how to whitelist IP addresses but not provide the IP addresses. This is challenging. ;-)

Are you looking for other access control methods? Can you explain why you don't want to provide the IP addresses for the whitelist?

Close

1 Answer

  • Sort: 
avatar image
3
Best Answer

Answer by Marc Schreuder · Mar 08, 2016 at 04:37 PM

hi @Sri, welcome to Apigee Community. There are a few different ways, here's a couple of ideas that might help.

The first one is to store the IP addresses either in KVM or in BaaS. You would need to add a policy to get the blocked IP address data from KVM or BaaS in your API Proxy flow and then pass that into the Access Control policy to enforce and, of course, you would also need to develop a way to manage the blocked IP addresses in the data store. If you think there would be a large volume of IP Addresses then BaaS would be a better option for the data store.

A second alternative is to develop a simple microservice and access it via a service call out in your API Proxy flow. You would independently maintain the microservice, make it accessible via an API call where you pass it an IP address and it responds with allowed or blocked. In your API Proxy flow you would extract the incoming IP address and then do the service call out and if it returns blocked then return an appropriate error to the client at that point. This would replace the Access Control policy.

You could implement that microservice as a node app in Edge, and you could also use BaaS for the data store with the IP addresses to block.

Comment
Add comment Show 1 · Link
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by Apigeeks only
  • Viewable by the original poster
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Sri · Mar 13, 2016 at 10:17 PM 0
Link

Thanks for that. I will give these a try. :)

Follow this Question

Answers Answers and Comments

32 People are following this question.

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Related Questions

How to block all calls from outside United States ? 7 Answers

access control policy - ipaddress %1 from f5 0 Answers

IP Whitelist 3 Answers

Access Control policy support on the X-Forwarded-For in the upcoming releases 1 Answer

XFF being populated with an Apigee internal private IP? (paid Edge Cloud, ELB with SSL pass-through to Apigee router) 1 Answer

  • Products
    • Edge - APIs
    • Insights - Big Data
    • Plans
  • Developers
    • Overview
    • Documentation
  • Resources
    • Overview
    • Blog
    • Apigee Institute
    • Academy
    • Documentation
  • Company
    • Overview
    • Press
    • Customers
    • Partners
    • Team
    • Events
    • Careers
    • Contact Us
  • Support
    • Support Overview
    • Documentation
    • Status
    • Edge Support Portal
    • Privacy Policy
    • Terms & Conditions
© 2021 Apigee Corp. All rights reserved. - Apigee Community Terms of Use - Powered by AnswerHub
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Create an article
  • Post an idea
  • Spaces
  • Product Announcements
  • General
  • Edge/API Management
  • Developer Portal (Drupal-based)
  • Developer Portal (Integrated)
  • API Design
  • APIM on Istio
  • Extensions
  • Business of APIs
  • Academy/Certification
  • Adapter for Envoy
  • Analytics
  • Events
  • Hybrid
  • Integration (AWS, PCF, Etc.)
  • Microgateway
  • Monetization
  • Private Cloud Deployment
  • 日本語コミュニティ
  • Insights
  • IoT Apigee Link
  • BaaS/Usergrid
  • BaaS Transition/Migration
  • Apigee-127
  • New Customers
  • Explore
  • Topics
  • Questions
  • Articles
  • Ideas
  • Badges