
IP Whitelist Policy

The IP Whitelist policy allows you to create an explicit list of IP addresses that can access your deployed endpoints. IP addresses that aren’t on this whitelist are rejected.

If you have an IP Whitelist policy assigned, you need to whitelist all IP addresses that are coming through your exposed endpoint.

IP Whitelist policy violations escalate to authentication errors for the DoS policy. You can configure the way protocol errors are handled in a DoS policy.

This policy is based on the source IP address. If an attacker can spoof the source IP address, these measures cannot prevent the attack.

Differences with API Gateway Policies

The IP Whitelist policy is a list of all IP addresses allowed to connect to your endpoint, and this whitelist applies to all applications. You can set up an API Gateway Whitelist policy per API list.

Example

You can set up an IP Whitelist policy to allow a.a.a.a, y.y.y.y, and z.z.z.z.
Then, API-1 (/api1) uses an API Whitelist policy that allows x.x.x.x, and API-2 (/api2) uses another policy that allows y.y.y.y and z.z.z.z.

  • IP address w.w.w.w is rejected by both APIs, because it’s not whitelisted in the IP Whitelist policy.

  • IP address y.y.y.y requesting /api1 is allowed at the IP Whitelist policy level, and rejected by the API Whitelist policy at /api1.

  • IP address y.y.y.y requesting /api2 is allowed at the IP Whitelist policy level, and allowed by the API Whitelist policy at /api2.
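
The two-layer decision in the example above, modeled as an added Python example (not MuleSoft code). The concrete addresses are constructed stand-ins for the page's placeholders, and treating a path that has no API-level policy as governed by the IP Whitelist policy alone is an assumption. It also lists API-level entries that the IP Whitelist policy does not cover, such as x.x.x.x on /api1.

```python
import ipaddress

# Constructed addresses (RFC 5737 documentation ranges) standing in for the
# page's placeholders a.a.a.a, x.x.x.x, y.y.y.y, z.z.z.z and w.w.w.w.
A, X, Y, Z, W = "192.0.2.10", "192.0.2.20", "198.51.100.7", "203.0.113.9", "203.0.113.200"

# Edge-level IP Whitelist policy: checked first, for every application.
IP_WHITELIST = [f"{A}/32", f"{Y}/32", f"{Z}/32"]

# Per-API whitelist policies from the example.
API_WHITELISTS = {
    "/api1": [f"{X}/32"],
    "/api2": [f"{Y}/32", f"{Z}/32"],
}

def in_any(addr, cidrs):
    """True if addr falls inside at least one CIDR entry."""
    ip = ipaddress.ip_address(addr)
    # strict=True rejects entries with host bits set, e.g. 10.111.0.5/24.
    return any(ip in ipaddress.ip_network(c, strict=True) for c in cidrs)

def evaluate(source_ip, path):
    """Return (allowed, layer that made the decision)."""
    if not in_any(source_ip, IP_WHITELIST):
        return (False, "ip-whitelist")
    api_list = API_WHITELISTS.get(path)
    if api_list is None:
        # Assumption: a path with no API-level policy is governed by the edge list only.
        return (True, "ip-whitelist")
    return (in_any(source_ip, api_list), "api-whitelist")

def unreachable_api_entries():
    """API-level entries not fully contained in the edge list: some or all of
    their addresses are rejected at the edge before the API policy is consulted."""
    edge = [ipaddress.ip_network(c) for c in IP_WHITELIST]
    dead = {}
    for path, cidrs in API_WHITELISTS.items():
        for c in cidrs:
            net = ipaddress.ip_network(c)
            if not any(net.version == e.version and net.subnet_of(e) for e in edge):
                dead.setdefault(path, []).append(c)
    return dead

if __name__ == "__main__":
    for ip, path in [(W, "/api1"), (W, "/api2"), (Y, "/api1"), (Y, "/api2"), (X, "/api1")]:
        print(ip, path, evaluate(ip, path))
    print("not covered by edge list:", unreachable_api_entries())
```
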

Prerequisites

To configure and use the security policies, you must:

  1. Have permission to manage policies in API Manager.

  2. Install Runtime Fabric. Anypoint Runtime Fabric is a container service that automates the deployment and orchestration of Mule apps and API gateways.

  3. Enable inbound traffic on Runtime Fabric to allow Mule apps and API gateways to listen on inbound connections.

Configure IP Whitelist Policy

  1. Navigate to Anypoint Security.

  2. Click Create Policy, and select IP Whitelist.

  3. Add a name for your policy in the Name field.

  4. Under IP White List, click Add IP.

  5. Insert the range of IP addresses to whitelist. You must use the CIDR format for a range of IP addresses.
    For example, using the IP address 10.111.0.0/24 whitelists the addresses from 10.111.0.0 to 10.111.0.254.
    To add more IP address ranges, click Add IP again.

  6. Click Save Policy.
