Layer7 API Management

 View Only
  • 1.  CA API Gateway Layer 7

    Posted Feb 10, 2020 03:17 PM
      |   view attached
    Want to restrict IP. Only want  to allow the IP shared by the source system, Use the policy "Restrict Access to IP Address Range" properties.Problem is Layer 7 internal load balancer IP. If we restrict the Layer 7 internal load balancer IP then All the IP's  got restricted but if does not restrict the Layer 7 internal load balancer IP then all the request process successfully though the IP is restricted. PFA & assist.


  • 2.  RE: CA API Gateway Layer 7
    Best Answer

    Broadcom Employee
    Posted Feb 10, 2020 03:20 PM
    Hi Anirban,

    If you have enabled the X-Forwarded-For header on the load balancer you can set the rule based on this.

    https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=778191

    Regards,
    Joe


  • 3.  RE: CA API Gateway Layer 7

    Posted Feb 25, 2020 04:41 AM
    Tried with the option but no luck. Whenever restrict the load balancer with IP/32 what ever request come got restricted but whenever disable the load balancer all  the request pass through . Enable context variable "request.http.headerValues.x-forwarded-for" for load balancer but no luck. Please assist .


  • 4.  RE: CA API Gateway Layer 7

    Posted Mar 24, 2020 04:32 PM
    Hi Joe,
                I tried with "request.http.headerValues.x-forwarded-for" but no luck. Thing is if I enable the internal LB the all the request are getting blocked & if we disable the internal LB ip in IP restriction then all request are passing.PFB:
     Please guide. 


    Regards.
    Anirban


  • 5.  RE: CA API Gateway Layer 7

    Broadcom Employee
    Posted Mar 24, 2020 04:37 PM
    Hi Anirban,


    Please use the variable ${request.http.header.x-forwarded-for}

    The 'headerValues' part of your screenshot is incorrect. Hope this helps.