IP Filtering

With this interceptor, you can define a list of IP addresses whose requests will be blocked by the gateway or a list of the only IPs that will be allowed to make incoming requests.

The gateway works at the application layer, the validation is based on the header, and it is possible to manipulate the header values in the request.
Therefore, ensure that only authorized persons have access.

How it works

As IP Filtering is used to block or allow requests from specific IP addresses, it can only be added to an API’s request flow.

When configuring the interceptor, the user chooses whether it will be used to bar all requests coming from the specified IPs or whether it should only allow requests coming from these IPs and deny the requests from any other IP. It’s possible to include more than one IP at a time, either by entering each one individually or by including an IP range.

It’s also possible to make a combination of interceptors for allowing and blocking requests at the same time. As an example, imagine the configuration described below.

Example

In the request flow, the user inserts, in this order:

an IP Filtering to allow only the requests coming from the IP range 192.168.0.0/27;
an IP Filtering to block incoming requests from the IP 192.168.0.10.

The request flow will then contain the two interceptors:

This is how the requests will be handled:

Upon the execution of the first IP Filtering:
- If a request comes from any IP outside the 192.168.0.0/27 range, it will be blocked by the first IP Filtering and the call will be aborted.
- If a request comes from any IP within the 192.168.0.0/27 range, the first IP Filtering will allow the request and the call will continue.
Upon the execution of the second IP Filtering:
- If a request comes from the IP 192.168.0.10, it will be blocked by the second IP Filtering and the call will be aborted.
- If a request comes from any IP within the range 192.168.0.0/27, except 192.168.0.10, it will be allowed by the second IP Filtering and the call will continue.

Multiple source IPs

Multiple source IPs are sent when the request goes through something before reaching the gateway.

Example: A WAF (Web Application Firewall) layer before Sensedia Gateway.

How to configure it

To configure it, you must choose the type of control. If it’s a BLOCK_LIST, you need to insert the IPs whose requests will be blocked in the IP List field. If you choose the type ALLOW_LIST instead, you must insert the IPs whose requests will be permitted. In the latter case, any IP which is not on the list will be blocked by the gateway.

In case of multiple source IPs:

If the choice is ALLOW_LIST, it is enough that one of the source IPs is configured in this list and the call will be accepted.
If the choice is BLOCK_LIST, it is enough that one of the source IPs is configured in this list and the call will be aborted.

You may include:

an individual IP (e.g., 192.168.1.10);
a range of IPs (e.g. 192.168.0.0/27);
a list of individual IPs, IP ranges, or a mixed list — inserting one element per line, with no other separator. Example:

192.168.1.10
192.168.0.0/27

When an IP range is configured, the broadcast and network IPs will always be ignored from validation, regardless of the configured range.

The image below shows an example of a BLOCK_LIST in which an individual IP and an IP range will be prevented from sending requests.

Thanks for your feedback!

EDIT

Share your suggestions with us!
Click here and then [+ Submit idea]