API Economy / API Management

Expand all | Collapse all

Use Ip filter policy of Datapower in Apiconnect 2018

  • 1.  Use Ip filter policy of Datapower in Apiconnect 2018

    Posted 5 days ago
    ​Hi , I need to develop an api in apiconnect  and use the IP filtering policy of datapower. How we can use the datapower policy in apiconnect and use that.

    Thanks

    ------------------------------
    Harry Anadpur
    ------------------------------


  • 2.  RE: Use Ip filter policy of Datapower in Apiconnect 2018

    Posted 4 days ago

    Hi Harry,

    You will need to create a custom policy where the main processing rule would have a stylesheet can get the current request's clientIP by using <xsl:variable name="ip" select="dp:client-ip-addr()"/> and you would used the dp:ip-addr-match extension function to determine if the client IP is within the range you wish.  Note that the ip-addr-match extension function does accept CIDR notation so you can check for the client IP being within a range of IPs.  If the IP isn't in range, the you'd use a dp:reject.  You can also customize your HTTP status code by having a stylesheet in your policy error rule that would do something like

    <xsl:call-template name="apim:error">
    <xsl:with-param name="httpCode" select="'403'" />
    <xsl:with-param name="httpReasonPhrase" select="'Forbidden'" />
    <xsl:with-param name="errorMessage" select="dp:variable('var://service/error-message')" />
    </xsl:call-template>

    Regards,

    Steve



    ------------------------------
    Stephen Linn
    ------------------------------



  • 3.  RE: Use Ip filter policy of Datapower in Apiconnect 2018

    Posted 3 days ago
    Thanks. Any link to refer.

    ------------------------------
    Harry Anadpur
    ------------------------------



  • 4.  RE: Use Ip filter policy of Datapower in Apiconnect 2018

    Posted yesterday

    Hi Harry, 

    This question has come up from  time to time, so I just pulled my sample custom policy for this from my archives and placed in the API Connect Sample custom policies at https://github.com/ibm-apiconnect/policy (Look for clientIP-filter-policy). Again, just a sample, but give it a try and if nothing else it gives you a head start.  If it doesn't meet your needs, you can modify as needed to meet your requirements.

    Regards,
    Steve



    ------------------------------
    Stephen Linn
    ------------------------------