Layer7 API Management

  • Private Community

  • 1.  Access control based on X-Forwarded IP

    Posted Feb 01, 2017 08:04 PM

    Hi, Apologies if this question is answered already,  appreciate if anyone can forward me right direction.

     

    We want to control access to a service based on user's IP. However our api gateway is behind lad balancer so Gateway always sees LB as the client not the actual client. Our LB is configured to pass x-forwarded-for header so backend applications can use that IP as needed. We have customized our apache web servers to capture this information. However, I am not able to find required configuration for API Gateway. Any pointers would be appreciated.

     

    I have confirmed that XFF (X-Forwarded-For) is carrying client IP using a r"Return Template esponse " assertion with the folowing  response body:

     

    ${request.http.allheadervalues}

    When this assertion is executed, user's browser renders all headers including XFF.

     

    I tried using 

    ${request.http.x-forwarded-for}

    but browser renders a blank page.

    Can anyone suggest a way to capture XFF in a context variable so I can use that in "Allow Access to IP Address Range"?



  • 2.  Re: Access control based on X-Forwarded IP

    Posted Feb 01, 2017 11:59 PM

    Hi SamWalker,

     

    There seems to be an error in your context variable declaration, could you try ${request.http.header.x-forwarded-for}. Also check the logs as it may show a warning entry for context variables that doesn't exist

     

    Regards,

    Shawn



  • 3.  Re: Access control based on X-Forwarded IP
    Best Answer

    Posted Feb 02, 2017 10:42 AM

    Hi SamWalker,

     

    I use by this way, for me It works. 

     

    Regards,

     

    Matheus Isquierdo



  • 4.  Re: Access control based on X-Forwarded IP

    Posted Feb 02, 2017 11:35 AM

    Thanks You both Shawn and Matheus. Appreciate your time ..

     

    request.http.header.x-forwarded-for as context variable worked.

     



  • 5.  RE: Re: Access control based on X-Forwarded IP

    Posted Feb 25, 2020 04:55 AM
    Tried with the option but no luck. Whenever restrict the load balancer with IP/32 what ever request come got restricted but whenever disable the load balancer all  the request pass through . Enable context variable "request.http.headerValues.x-forwarded-for" for load balancer but no luck. Please assist .
    Original Message


  • 6.  RE: Re: Access control based on X-Forwarded IP

    Posted Feb 27, 2020 08:31 AM
    Hi Anil,
    please also check this thread:
    https://community.broadcom.com/enterprisesoftware/communities/community-home/digestviewer/viewthread?GroupId=1255&MessageKey=60a3b785-3a48-43f0-bf63-2769f03bd664&CommunityKey=0f580f5f-30a4-41de-a75c-e5f433325a18&tab=digestviewer
    Here you can also work with a single input variable containing several allowed IPs/Networks, which then will be looped with the ​"Allow Access to IP Address Range"-assertion.

    Ciao Stefan :)
    Original Message