Hi Paul,
The JSONata for a switch condition handles a regex match https://www.ibm.com/docs/en/api-connect/saas?topic=switch-using-policy-condition-editor using the following, although I have no idea how the optional limit argument would be used for a match, so I'd just omit that argument
$match(str, pattern [, limit])
Here are some general regex patterns for particular CIDR limits:
Any IP, i.e. a CIDR of /0
^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
a /15 example, say 192.168|169.0-255.0-255 or 192.168.0.0/15
^192\.16[89]\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
a /16 example, say 192.168.0-255.0-255 or 192.168.0.0/16
^192\.168\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
a /17 example, say 192.168.124|125.0-255 or 192.168.124.0/17
^192\.168\.12[45]\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$
So the regular expression would simplify your JSONata instead of checking for many different individual IP values.
Regards,
Steve
------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM
------------------------------
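An added example (not part of the thread, and not IBM or API Connect code) that goes beyond the hand-written patterns above: it builds the anchored regex for an IPv4 CIDR of any prefix length, including prefixes that do not fall on an octet boundary, so the result can be used as the pattern argument of $match against session.clientAddress. The function names octetRange, cidrToRegex and inCidr are hypothetical.

```javascript
// Added example: build an anchored regex for an IPv4 CIDR block.
// All function names are hypothetical; this is not API Connect code.

// Regex fragment for the decimal integers lo..hi (0 <= lo <= hi <= 255),
// without leading zeros. Values are grouped by their leading digits, so
// each alternative is "<prefix>[a-b]", e.g. 168..169 -> "16[8-9]".
function octetRange(lo, hi) {
  const alts = [];
  for (let tens = Math.floor(lo / 10); tens <= Math.floor(hi / 10); tens++) {
    const a = Math.max(lo, tens * 10) % 10;
    const b = Math.min(hi, tens * 10 + 9) % 10;
    const prefix = tens === 0 ? "" : String(tens);
    alts.push(prefix + (a === b ? String(a) : `[${a}-${b}]`));
  }
  return `(${alts.join("|")})`;
}

function cidrToRegex(cidr) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  const octets = m ? m.slice(1, 5).map(Number) : [];
  const bits = m ? Number(m[5]) : NaN;
  if (!m || bits > 32 || octets.some((o) => o > 255)) {
    throw new Error(`not an IPv4 CIDR: ${cidr}`);
  }
  const parts = octets.map((o, i) => {
    const fixed = Math.min(8, Math.max(0, bits - 8 * i)); // prefix bits in this octet
    const span = 2 ** (8 - fixed);                        // values this octet may take
    const lo = Math.floor(o / span) * span;               // clear the host bits
    return octetRange(lo, lo + span - 1);
  });
  // Anchor both ends so a longer string that merely contains an allowed
  // address cannot match.
  return `^${parts.join("\\.")}$`;
}

// Local check of an address against the generated pattern.
function inCidr(ip, cidr) {
  return new RegExp(cidrToRegex(cidr)).test(ip);
}

// Constructed sample inputs.
console.log(cidrToRegex("192.168.0.0/15"));
console.log(inCidr("192.169.10.7", "192.168.0.0/15"), inCidr("192.170.0.1", "192.168.0.0/15"));
```

Generating the pattern from the CIDR and testing it against addresses just inside and just outside the block catches unescaped dots and misplaced repetition counts before the pattern goes into a switch condition.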
Original Message:
Sent: Wed February 28, 2024 12:34 PM
From: Paul Dango
Subject: IP WhiteListing / BlackListing
Hi Ricky,
How do we check in the switch policy that an IP address is within an IP range? The client has provided a range of CIDR /17. This can be a lot of addresses to configure in the switch policy?
Thanks,
Paul
------------------------------
Paul Dango
Original Message:
Sent: Fri February 23, 2024 04:47 AM
From: Ricky Moorhouse
Subject: IP WhiteListing / BlackListing
Hi Paul,
Whilst this will be a lot easier to achieve in the Advanced plan using the clientIP sample policy - you may be able to achieve what you are looking for using logic in a switch (https://www.ibm.com/docs/en/api-connect/saas?topic=constructs-switch) - the client IP is available in the context variable `session.clientAddress`
Thanks
Ricky
------------------------------
Ricky Moorhouse
IBM API Connect Cloud Architect
Original Message:
Sent: Thu February 22, 2024 03:55 PM
From: Paul Dango
Subject: IP WhiteListing / BlackListing
Hi Steve,
We are developing in IBM API Connect Base Edition SaaS. In this edition XSLT, GatewayScript, and User Defined Policies are not available. It appears then that IP whitelisting/blacklisting is not possible in the Base Edition.
However, in the Advanced Edition, XSLT, GatewayScript and User Defined Policies are available.
Thanks,
Original Message:
Sent: 2/22/2024 1:59:00 PM
From: Steve Linn
Subject: RE: IP WhiteListing / BlackListing
Hi Paul,
I understand that SaaS doesn't support user defined policies (assuming you're talking public SaaS), but see our public sample UDP repository and in particular, the clientIPFilter UDP https://github.com/ibm-apiconnect/policy-apigw/tree/master/user-defined-policies/clientip-filter. All the UDP does is allow dynamic specification of the allow/deny rules and then uses those rules against the client IP with a DataPower extension function, and this is all done in an XSLT. You could use the XSLT as an example to do whatever you need to do.
Best Regards,
Steve
------------------------------
Steve Linn
Senior Consulting I/T Specialist
IBM
Original Message:
Sent: Thu February 22, 2024 11:12 AM
From: Paul Dango
Subject: IP WhiteListing / BlackListing
Hi All,
We are working on API Connect in SaaS.
We would like information on how to configure IP Client Whitelisting / BlackListing.
Thanks,
Paul
------------------------------
Paul Dango
------------------------------