Overview of IP Whitelisting Connector

Release Notes

API Management (Release Date)	Release Type	Release Description
March 19, 2020	Improvement	Improvement to identify Client IP addresses accurately, for whitelisting feature
	Improvement	Connectors now support overriding default behavior of X-FORWARDED-FOR header to pick client IP address using a configurable flag keep_client_ip_as_source. This flag overrides default selecting IP address of intermediaries like a load balancer or third party proxy that is closest to the API Management stack.

Description

The connector provides an ability to whitelist API requests according to the configured Subnet, IP list, or IP range. It supports IPs in the following format:

• CIDR (for example - a.b.c.d/x)

• List of IPs.

• IP Range

• Support for both Package Key & Service Key EAV ( Extended Attributes Value).

• Connector will fetch the WhiteListed IP from pre-input or package keys EAV and will call the IP Whitelisting Service to authenticate the requesting IP.

• When whitelisted IP's are configured either in pre-inputs or in package keys EAV then connector will allow only those requests whose IP's are same as per configured whitelisted IP's.

• The configured IP (IPv4) addresses are entered in CIDR notation or comma-delimited.

• Supports only pre-processing of API request.

• Supports IP whitelisting of resource endpoint only configured in API Management.

  • Whitelisting by IP address for customer backend servers behind API Management.

  • API Management token endpoints are not whitelisted by IP address.

Related Links

• Usage

• Design and Implementation

• Configuring Endpoint Call Processing

  • Using the Connector as an Authenticator

  • Using the Connector as a Processor

• Local Edition Porting and Chaining