Usage
- Blocking by IP range, for example: 123.45.67.0-123.45.67.128
- Blocking by IP list (comma-delimited), for example: 123.45.67.0,123.45.67.128
- Blocking by subnet, for example: 123.45.0.0/16
- blocked_ip_range and blocked_ip_list are optional and don't need to be configured together.
- When only blocked_ip_range is configured, the incoming client IP address must be present in the specified range.
- When only blocked_ip_list is configured, the incoming client IP address must be present in the specified IP list.
- When both blocked_ip_range and blocked_ip_list are configured, the client IP address must be present in either blocked_ip_range or blocked_ip_list.
- When keep_client_ip_as_source is true, the IP address of the originating client is returned; when it is false, the IP address of the proxy nearest to API Management is returned. Whichever IP address this flag selects is the one that must be present in either blocked_ip_range or blocked_ip_list.
- The default value of keep_client_ip_as_source is false.
- The configured IP address must be a publicly recognized IP address (for example: https://whatismyipaddress.com/) that is recognized by the API Management proxy.
- Best practice for IP blacklisting (when a third-party proxy server is in front of API Management in the API call flow) is to configure the IP address of the proxy (for example, Intermediate Node 2) that is closest to the API Management stack.
  For example: client/WWW --> Intermediate Node 1 --> Intermediate Node 2 --> Cloud API Management --> Resource API
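
The matching rules above, sketched in Python as an added example (not the connector's own code). It assumes range endpoints are inclusive, that a subnet is given as an entry in blocked_ip_list, and that the caller already knows both the originating client address and the nearest proxy address; the function names are hypothetical.

```python
import ipaddress

def parse_range(spec):
    """Parse 'first-last' (the blocked_ip_range form) into two addresses."""
    first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
    if first.version != last.version or first > last:
        raise ValueError(f"invalid blocked_ip_range: {spec!r}")
    return first, last

def parse_list(spec):
    """Parse the comma-delimited blocked_ip_list form into networks.

    A bare address becomes a single-host network. Accepting CIDR entries
    here is an assumption: the page does not say which setting carries
    the subnet form. Entries with host bits set raise ValueError.
    """
    return [ipaddress.ip_network(e.strip()) for e in spec.split(",") if e.strip()]

def effective_ip(client_ip, nearest_proxy_ip, keep_client_ip_as_source=False):
    """Select the address that gets checked, per keep_client_ip_as_source."""
    return client_ip if keep_client_ip_as_source else nearest_proxy_ip

def is_blocked(ip, blocked_ip_range=None, blocked_ip_list=None):
    """True when ip is in the range or in the list; either may be unset."""
    addr = ipaddress.ip_address(ip)
    if blocked_ip_range:
        first, last = parse_range(blocked_ip_range)
        # Comparing IPv4 with IPv6 raises TypeError, so check the version first.
        if addr.version == first.version and first <= addr <= last:
            return True
    if blocked_ip_list:
        return any(addr in net for net in parse_list(blocked_ip_list))
    return False

if __name__ == "__main__":
    # Constructed request: client 203.0.113.7 arriving through proxy 123.45.67.10.
    rng = "123.45.67.0-123.45.67.128"
    for flag in (False, True):
        ip = effective_ip("203.0.113.7", "123.45.67.10", flag)
        print(flag, ip, is_blocked(ip, blocked_ip_range=rng))
```

With the default flag value the proxy address is the one checked, which is why the best-practice item above recommends listing the proxy closest to API Management.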
Current Sequence of Identifying Client IP Address
The priority sequence logic (shown below) currently supported in this Connector achieves the following:
- Accurately identifies the client IP address in the data flow across various systems before it reaches the API Management stack.
- Is designed to identify the various factors that might be involved in storing the client IP address, which may involve chaining.