Access control based on IP address range

Extension for applying the protection: x-42c-access-control-based-on-ip-range_0.1

You apply protections to your API as strategies by using the x-42c security extensions, either locally to specific paths, operations, responses, or HTTP status codes, or alternatively to all incoming requests or outgoing responses. For more details, see Protections and security extensions.

Description

This protection allows you to specify a range of IP addresses that are allowlisted for API calls. API Firewall validates the client IP address in incoming API calls against the defined array of allowlisted IP addresses or address ranges. If the incoming IP address is on the allowlist, the API call is allowed through. If not, API Firewall blocks the call.

The protection requires API Firewall image v1.0.12 or higher.

You can use this protection together with the protection x-42c-set-client-ip_0.1. See Client IP address override.

Parameters

You can configure the following parameters:

Parameter name | Description
ip.range.list | Required. A list of IP addresses or address ranges (in CIDR notation, both IPv4 and IPv6 are supported) from where incoming calls are allowed. API calls from IP addresses not on the list are automatically blocked.

Example

/api/login:
    post:
        x-42c-local-strategy:
            x-42c-strategy:
                protections:
                    - x-42c-access-control-based-on-ip-range_0.1:
                        ip.range.list:
                            - 77.228.93.1
                            - 198.51.100.0/22
                            - 2001:db8::/32
                    # ...
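
Before deploying an allowlist like the one above, it helps to confirm offline which client addresses it would admit, especially at the edges of each CIDR range. The following Python script is an added example, not 42Crunch code: it models the allow/block behaviour described on this page with the standard ipaddress module. The function names are hypothetical, and rejecting CIDR entries with host bits set is an assumption of this check, not documented API Firewall behaviour.

```python
import ipaddress

# Constructed sample mirroring the ip.range.list in the example on this page.
IP_RANGE_LIST = ["77.228.93.1", "198.51.100.0/22", "2001:db8::/32"]


def parse_allowlist(entries):
    """Return (networks, problems) for a list of address / CIDR strings."""
    networks, problems = [], []
    for entry in entries:
        try:
            # A bare address becomes a /32 or /128 network.
            # strict=True rejects CIDRs with host bits set (e.g. 198.51.100.7/22),
            # which usually indicates a typo in the intended range.
            networks.append(ipaddress.ip_network(entry.strip(), strict=True))
        except ValueError as exc:
            problems.append(f"{entry!r}: {exc}")
    return networks, problems


def is_allowed(client_ip, networks):
    """True if client_ip falls inside any allowlisted network of the same IP version."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparseable client address: fail closed
    return any(addr.version == net.version and addr in net for net in networks)


def audit(entries, probes):
    """Map each probe address to the decision the allowlist would yield."""
    networks, problems = parse_allowlist(entries)
    if problems:
        raise ValueError("invalid allowlist entries: " + "; ".join(problems))
    return {ip: is_allowed(ip, networks) for ip in probes}


if __name__ == "__main__":
    # Constructed probe addresses: one inside and one just outside each entry.
    probes = ["77.228.93.1", "77.228.93.2", "198.51.103.255",
              "198.51.104.0", "2001:db8:1::5", "2001:db9::1"]
    for ip, ok in audit(IP_RANGE_LIST, probes).items():
        print(f"{ip:<16} {'allow' if ok else 'block'}")
```

The probes show that 198.51.100.0/22 admits everything from 198.51.100.0 through 198.51.103.255, which is a wider range than the first three octets suggest.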