Access Control based on IP Address

Steps

Go to ifconfig.me to check your IP Address.

Note. You can also use curl https://ifconfig.me command to get your host IP address.

Switch to 3scale admin web console, click API link in the Products panel from the main dashboard.
access control
Select Integration -> Policies menu from left panel. Then click + Add policy link.
access control
Look for the IP Check policy then click on it.
access control
The policy will be added to Policy Chain. Click on the IP Check policy to configure it.
access control
Enter following details, then click Update Policy button.
- Specifies how to get the client IP....: Select Get the IP from the X-Forwarded-For header (first IP of the list)
- List of IPs: Click + button and enter the IP address from step 1 above.
- The type of check to apply: Select Block the IPs included in the list
  Note. In reality, this option should be Allow only the IPs included in the list. But for testing and demonstration purpose, using the Block the IPs... option is easy to demonstrate.
access control
You'll be directed to the Policies dashboard, click on Update Policy Chain button.
access control
Select Integration -> Configuration menu from left panel, then click Promote v.n to Staging APIcast button and then click Promote v.n to Production APIcast button to promote the configuration to Staging APIcast and Production APIcast respectively.
access control
access control

Open a new tab in Postman, then enter the APIcast API Gatway URL.
access control
Copy user_key query parameter from 3scale web console.
access control
Append the copied user_key to the URL in Postman (DO NOT forget to add / character to the end of URL before append the user_key param) and click Send button. You should get error response says IP address not allowed.
access control

Last updated 3 years ago