As part of the audit processes of the API Gateway logs, we have noticed that there has been calls made from IPs not recognized as valid clients to the set of APIs we have enabled.
We consider those calls attacks looking to harvest on potential non secured services of flaws of the Gateway.
Since those calls generates some traffic and potentially consume resources I would like to have the alternative to blacklist the IPs originating those calls from the beginning with the least resources consumption required.
Can you suggest the best approach to it, I would like to have some IP blacklisting capability.
Perhaps you can take a look at the "Restrict Access to IP Address Range Assertion" to block the IPs and implement the mentioned assertion in a global policy at the message-received stage, as this is is before the resolution of service.
Restrict Access to IP Address Range Assertion - CA API Gateway - 8.3 - CA Technologies Documentation
Global Policy Fragments - CA API Gateway - 9.3 - CA Technologies Documentation
Hope this helps