Layer7 API Management

Expand all | Collapse all

Apply IP Restrictions on URL Patterns

Jump to Best Answer
  • 1.  Apply IP Restrictions on URL Patterns

    Posted 11-12-2016 09:53 AM

    Hello,

     

    Wondering if someone could provide some guidance.  I'd like to put restrictions in place on for particular URL patterns.  For example, I'd like to allow access to /api/administration for internal traffic, but disallow it for external traffic.  Any hints or examples on how to pull this off?

     

    Thanks,

     

    Alejandro



  • 2.  Re: Apply IP Restrictions on URL Patterns

    Posted 11-14-2016 04:07 AM

    Hi Alejandro,

     

    You will have to identify what is the difference between internal and external traffic. 

     

    For example: All ip's that start with 10.20.51.x belong to internal and therefore allow access to API's. Any other hosts with other ip's, requesting for access, are not allowed.

     

    This can be achieved by the variable ${request.tcp.remoteip}. This variable returns the ip address of the requester. You can build your logic accordingly. 

     

    Hope this helps.

     

    Regards

    Seenu Mathew



  • 3.  Re: Apply IP Restrictions on URL Patterns

    Posted 11-14-2016 04:30 AM

    sorry to ask, but to which CA product does that question (am its answer) apply ? thanks, Veronique



  • 4.  Re: Apply IP Restrictions on URL Patterns

    Posted 11-14-2016 07:32 AM

    Hi Veronique,

     

    This post is in the CA API Management (formerly Layer7) community. 

     

    I see why you have this question Veronique. I moved internally in CA from supporting CA Performance Management/eHealth to CA API Management and you are following me in the communities. 

     

    Regards

    Seenu Mathew



  • 5.  Re: Apply IP Restrictions on URL Patterns
    Best Answer

    Posted 11-14-2016 08:39 AM

    Hi acalbazana,

     

    To add a bit on to the response from Seenu, you can use the variable ${request.http.uri} to obtain the URI portion and make decisions based on this.

     

    I.e:

    If URI = /api/administration
    AND
    IP Address is within the internal network
    THEN
    Allow access

     

    To accomplish this you can use a combination of the compare expression assertion and the Allow access to IP range assertion

    More details on these assertions can be found in our documentation, CA API Gateway Home - CA API Gateway - 9.1 - CA Technologies Documentation 

     

    Regards,

    Joe



  • 6.  Re: Apply IP Restrictions on URL Patterns

    Posted 11-17-2016 03:56 AM

    Hi acalbazana,

    Does Joe's response answer your question?

    Regards

    Seenu Mathew