This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

How to Allow a range of IPs without writing down each of them manually in Access Control

Posted on 12-10-2019 02:36 AM
abhinabanag92
New Member
Reply posted on --/--/---- --:-- AM

Suppose I need to Allow IPs of the range: 10.10.80.0 - 10.10.95.255 inside Access Control Policy

Currently I am writing them like below:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessControl async="false" continueOnError="false" enabled="true" name="AC-Test">
    <DisplayName>AC-Test</DisplayName>
    <Properties/>
    <IPRules noRuleMatchAction="DENY">
        <MatchRule action="ALLOW">
            <SourceAddress mask="24">10.10.80.0</SourceAddress>
            <SourceAddress mask="24">10.10.81.0</SourceAddress>
		.
		.
		.
            <SourceAddress mask="24">10.10.95.0</SourceAddress>
        </MatchRule>
    </IPRules>
</AccessControl>

Is there any other way to write them in single line?

Solved Solved
1 3 656
Topic Labels
Jump to Solution
Reply
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
abhinabanag92
New Member
Reply posted on --/--/---- --:-- AM

The easiest way to calculate CIDR range is here:

https://www.ipaddressguide.com/cidr

Here we can get the fine tuned mask value for a given IP range.

e.g. For the mentioned IP range (10.10.80.0 - 10.10.95.255) the output is 10.10.80.0/20

So, to write down the range it will be like below:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessControl async="false" continueOnError="false" enabled="true" name="AC-Test">
    <DisplayName>AC-Test</DisplayName>
    <Properties/>
    <IPRules noRuleMatchAction="DENY">
        <MatchRule action="ALLOW">
            <SourceAddress mask="20">10.10.80.0</SourceAddress>
        </MatchRule>
    </IPRules>
</AccessControl>

View solution in original post

Jump to Solution
Reply
3 REPLIES 3

Posted on --/--/---- --:-- AM
bhatikuldeep
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

This should help -

https://community.apigee.com/questions/29995/implement-access-control-policy-for-too-many-ip-ad.html

Jump to Solution
Reply

Posted on --/--/---- --:-- AM
abhinabanag92
New Member
Reply posted on --/--/---- --:-- AM

The easiest way to calculate CIDR range is here:

https://www.ipaddressguide.com/cidr

Here we can get the fine tuned mask value for a given IP range.

e.g. For the mentioned IP range (10.10.80.0 - 10.10.95.255) the output is 10.10.80.0/20

So, to write down the range it will be like below:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessControl async="false" continueOnError="false" enabled="true" name="AC-Test">
    <DisplayName>AC-Test</DisplayName>
    <Properties/>
    <IPRules noRuleMatchAction="DENY">
        <MatchRule action="ALLOW">
            <SourceAddress mask="20">10.10.80.0</SourceAddress>
        </MatchRule>
    </IPRules>
</AccessControl>
Jump to Solution
Reply

Posted on --/--/---- --:-- AM
nsaini
New Member
In response to abhinabanag92
Reply posted on --/--/---- --:-- AM

https://docs.apigee.com/api-platform/reference/policies/access-control-policy#cidr

Jump to Solution
Reply