IP Whitelist Policy
The IP Whitelist policy allows you to create an explicit list of IP addresses that can access your deployed endpoints. IP addresses that aren’t on this white list are rejected.
If you have an IP Whitelist policy assigned, you need to whitelist all IP addresses that are coming through your exposed endpoint.
IP Whitelist policy violations escalate to authentication errors for the DoS policy. You can configure the way protocol errors are handled in a DoS policy.
|This source is IP address based. If an attacker can spoof the source IP address, these measures cannot prevent the attack.|
The IP Whitelist policy is a list of all IP addresses allowed to connect to your endpoint, and this whitelist applies to all applications. You can set up an API Gateway Whitelist policy per API list.
You can set up an IP Whitelist policy to allow
Then, API-1 (
/api1) uses an API Whitelist policy that allows
x.x.x.x, and API-2 (
/api2) uses another policy that allows
w.w.w.wis rejected by both APIs, because it’s not whitelisted in the IP Whitelist policy.
/api1, is allowed at the IP Whitelist policy level, and rejected by the API Whitelist policy at
/api2, is allowed at the IP Whitelist policy level, and allowed by the API Whitelist policy at
To configure and use the security policies, you must:
Have permission to manage policies in API Manager.
Install Runtime Fabric. Anypoint Runtime Fabric is a container service that automates the deployment and orchestration of Mule apps and API gateways.
Enable inbound traffic on Runtime Fabric to allow Mule apps and API gateways to listen on inbound connections.
Navigate to Anypoint Security.
Click Create Policy, and select IP Whitelist.
Add a name for your policy in the Name field.
Under IP White List, click Add IP.
Insert the range of IP addresses to whitelist. You must use the CIDR format for a range of IP addresses.
For example, using the IP address
10.111.0.0/24whitelists the addresses from
To add more IP address ranges, click Add IP again.
Click Save Policy.