Contact Free trial Login

IP Whitelist Policy

The IP Whitelist policy allows you to create an explicit list of IPs that can access your deployed endpoints. IP addresses that aren’t on this white list are rejected.

If you have an IP Whitelist policy assigned, you need to whitelist all IP addresses that are coming through your exposed endpoint.

IP Whitelist policy violations escalate to authentication errors for the DoS policy. You can configure the way protocol errors are handled in a DoS policy.

This source is IP based. If an attacker can spoof his source IP address, these measures cannot prevent the attack.

Differences with API Gateway Policies

The IP Whitelist policy is a list of all IP addresses allowed to connect to your endpoint, and this whitelist applies to all applications. You can set up an API Gateway Whitelist policy per API list.


You can set up an IP Whitelist policy to allow a.a.a.a, y.y.y.y, and z.z.z.z.
Then, API-1 (/api1) uses an API Whitelist policy that allows x.x.x.x, and API-2 (/api2) uses another policy that allows y.y.y.y and z.z.z.z.

  • IP Address w.w.w.w is rejected by both APIs, because it’s not whitelisted at the IP Whitelist policy.

  • IP Address y.y.y.y requesting /api1, is allowed at the IP Whitelist policy level, and rejected by the API Whitelist policy at /api1.

  • IP Address y.y.y.y requestion /api2, is allowed at the IP Whitelist policy level, and allowed by the API Whitelist policy at /api2.

Configure IP Whitelist Policy

  1. Navigate to Anypoint Security, click Create Policy, and select IP Whitelist.

  2. Add a name for your policy in the Name field.

  3. Under IP White List, click Add IP.

  4. Insert the range of IP addresses to whitelist. You must use the CIDR format for a range of IP addresses.
    For example, using the IP address, whitelists the addresses from to
    To add more ranges of IP address, click Add IP again.

  5. Click Save Policy.

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub