DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones AWS Cloud
by AWS Developer Relations
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones
AWS Cloud
by AWS Developer Relations
Building Scalable Real-Time Apps with AstraDB and Vaadin
Register Now

Trending

  • Implementing a Serverless DevOps Pipeline With AWS Lambda and CodePipeline
  • The SPACE Framework for Developer Productivity
  • Top 10 Pillars of Zero Trust Networks
  • Getting Started With the YugabyteDB Managed REST API

Trending

  • Implementing a Serverless DevOps Pipeline With AWS Lambda and CodePipeline
  • The SPACE Framework for Developer Productivity
  • Top 10 Pillars of Zero Trust Networks
  • Getting Started With the YugabyteDB Managed REST API
  1. DZone
  2. Data Engineering
  3. Databases
  4. White-Listing IPs in WSO2 API Manager

White-Listing IPs in WSO2 API Manager

Learn how to create an advanced throttling policy for white-listing IPs using the WSO2 API Manager's throttling and policy enforcement engine.

Vanjikumaran Sivajothy user avatar by
Vanjikumaran Sivajothy
·
Nov. 07, 17 · Tutorial
Like (8)
Save
Tweet
Share
7.71K Views

Join the DZone community and get the full member experience.

Join For Free

This article is only applicable to the WSO2 API Manager 2.x.x family.

Usually, IP white-listing is a way of configuring a filter to exempt a particular set of known IP address, grant access to given assets, and keep them from being rejected or filtered. Simply, it is a registry that has the “known” IPs.

WSO2 introduced a powerful mechanism to create a throttling and policy enforcement engine backed by Siddhi CEP. This has become very handy and easy to develop.

Please follow the below steps to create an advanced throttling policy to white-list, and attach it to the API.

Step 1: Log in to the Admin Portal using the URL https://<Hostname>:<Port>/admin and your admin credentials.

Step 2: Click "Advanced Throttling" under the Throttle Policies section. The existing set of throttling tiers is displayed. To add a new tier, click Add Tier.

Step 3: Fill in the details required by this form and click Add Conditional Group to add a conditional group.

Step 4 : Click on conditional group to add conditional group details

Step 5 : Fill the condition group details. In that case, you need to enable IP condition and specify the IP that you need to white-list. Once the invert condition is enabled and set the throttling limit to be 0 then none of the requests coming from IPs other than the white-listing IP will be served by the gateway. After filling the details, click save.


Now the policy is created successfully and you need to engage this policy with a particular API. For that,

Step 6 : Login to API Publisher https://localhost:9443/publisher
In the ‘Manage’ tab of API create/update window, enable advanced throttling for API and select the throttling policy that we have created before, from the drop down and Save the API.

Now the API will be accessible only by the IP specified in the throttling policy.

Note: Since it takes some time to deploy the policy, the first few requests from the IPs other than the white-listed IP/IPs will be passed through. After the policy is successfully deployed, non-white-listed IP access will be blocked.

API

Opinions expressed by DZone contributors are their own.

Trending

  • Implementing a Serverless DevOps Pipeline With AWS Lambda and CodePipeline
  • The SPACE Framework for Developer Productivity
  • Top 10 Pillars of Zero Trust Networks
  • Getting Started With the YugabyteDB Managed REST API
Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com

Let's be friends: