Access Control based on IP Address
Last updated
Last updated
Go to to check your IP Address.
Note. You can also use curl https://ifconfig.me command to get your host IP address.
Switch to 3scale admin web console, click API link in the Products panel from the main dashboard.
Select Integration -> Policies menu from left panel. Then click + Add policy link.
Look for the IP Check policy then click on it.
The policy will be added to Policy Chain. Click on the IP Check policy to configure it.
Enter following details, then click Update Policy button.
Specifies how to get the client IP....: Select Get the IP from the X-Forwarded-For header (first IP of the list)
The type of check to apply: Select Block the IPs included in the list
Note. In reality, this option should be Allow only the IPs included in the list. But for testing and demonstration purpose, using the Block the IPs... option is easy to demonstrate.
You'll be directed to the Policies dashboard, click on Update Policy Chain button.
Select Integration -> Configuration menu from left panel, then click Promote v.n to Staging APIcast button and then click Promote v.n to Production APIcast button to promote the configuration to Staging APIcast and Production APIcast respectively.
Open a new tab in Postman, then enter the APIcast API Gatway URL.
Copy user_key query parameter from 3scale web console.
Append the copied user_key to the URL in Postman (DO NOT forget to add / character to the end of URL before append the user_key param) and click Send button. You should get error response says IP address not allowed.
List of IPs: Click + button and enter the IP address from above.
