Layer7 API Management


Restrict services to interface

  • 1.  Restrict services to interface

    Posted 10-02-2014 04:39 AM



    A customer asked if we have a chance to restrict services to a port or interface. They want to allow some services to be accessed only through the intranet. That means only a bunch of services are reachable from the internet.




    Steffen Miller

    CA Technologies

    Principal Consultant, Presales


    CA Deutschland GmbH | Marienburgstrasse 35 | Darmstadt | 64297

    Office: +49 (6151) 949 329 | Mobile: +49 170 8538 262 |

    HRB Darmstadt 1706

    Geschäftsführer:  Sven Mulder, Jay H. Diamond, Navneet Govil








  • 2.  Re: Restrict services to interface
    Best Answer

    Posted 10-02-2014 08:43 AM

    Yes, this can be done on the gateway. If it was only one service policy, then you can go to Tasks->Manage Listen Ports and tie a specific service to a specific interface/port. If there are multiple services, then adding a policy fragment to the specific service policies that need to be restricted can be done. The policy can check the value of the variables ${request.tcp.localPort} and ${request.tcp.localIP} to determine which IP/port the request arrived at and reject it if it did not come from the internal interface.

  • 3.  Re: Restrict services to interface

    Posted 10-02-2014 09:01 AM

    OK. Thanks.

    Works, but it is not really nice, is it?




  • 4.  Re: Restrict services to interface

    Posted 10-02-2014 09:08 AM

    I guess that's debatable. Keep in mind you can always create a Policy Fragment and call it something like "Restrict to Internal Interface" and then just include the fragment in the appropriate service policies (or even expose as a template directly through the API portal). You could also leverage a global policy to centralize the check in a single location (many ways to meet the requirement).
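
The check described in the best answer, modelled in Python as an added example (not part of the thread and not Layer7 policy syntax): one reusable function decides on the gateway-side IP and port a request arrived on, the way a "Restrict to Internal Interface" fragment would. The networks, port, service paths and function names are constructed assumptions; `local_ip` and `local_port` stand in for `${request.tcp.localIP}` and `${request.tcp.localPort}`.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
INTERNAL_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]  # internal listener subnet
INTERNAL_PORTS = {8443}                                   # internal listen port
RESTRICTED_SERVICES = {"/internal/hr"}                    # intranet-only services


def _parse_local_ip(value):
    """Parse the local IP; unwrap IPv4-mapped IPv6; return None if unusable."""
    try:
        addr = ipaddress.ip_address(value.strip())
    except (ValueError, AttributeError):
        return None
    # A dual-stack listener may report 10.1.2.3 as ::ffff:10.1.2.3.
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped or addr


def arrived_on_internal_interface(local_ip, local_port):
    """True only if the *local* (gateway-side) IP and port are both internal.

    An empty, missing or malformed value fails closed: an unset context
    variable must never be treated as "internal".
    """
    addr = _parse_local_ip(local_ip)
    if addr is None:
        return False
    try:
        port = int(local_port)
    except (TypeError, ValueError):
        return False
    in_net = any(addr.version == net.version and addr in net
                 for net in INTERNAL_NETWORKS)
    return in_net and port in INTERNAL_PORTS


def decide(service_path, local_ip, local_port):
    """Apply the interface restriction only to the intranet-only services."""
    if service_path not in RESTRICTED_SERVICES:
        return "allow"
    if arrived_on_internal_interface(local_ip, local_port):
        return "allow"
    return "reject"
```

The decision uses the address the request arrived at, not the client's source address, so it depends on the external and internal listeners being bound to different IPs or ports.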