IP Restriction rule

Use the IP Restriction rule to restrict access based on the client IP address of the request

Restricts access based on the client IP address where the request originated. If the request doesn't meet the configured requirements, it's rejected with a 403 Forbidden error.

Restricting access to Tasks based on the client’s IP address is an extra layer of security for protecting your Snaplex nodes. By analyzing the access logs on the nodes, you can determine the range of IP addresses in use, and you can configure this rule accordingly.

Important:
  • The Snaplex returns the IP address of the client or last proxy that sent the request.

Prerequisite

You must configure the Groundplex load balancer correctly to forward the client IP address to the API endpoint. Only when the client IP address is captured correctly can the blocked IP address be displayed accurately in the error message for the 403 error.

Rule execution order

This IP Restriction rule executes early in request processing to limit the effects of excessive requests from blocked IP addresses.

Note: All expression enabled fields in API Policies take expressions from Understanding Expressions in SnapLogic and the API Policy Manager Functions
Field Description
When this rule should be applied An expression that defines one or more conditions that must be true for the rule to execute.

Default value: True

Example: The expression request.method == "POST" causes the rule to execute only on POST requests.

Allowlist IP's The list of IP ranges to allow. If empty, only the deny list ranges will be considered.
Start IP The starting IP address of the range.

Default value: N/A

Example: 203.0.113.0
End IP The ending IP address of the range (inclusive). If this value is not given, the starting IP will be used, effectively allowing only that IP address.

Default value: N/A

Example: 203.0.113.8
Description The description of the range.
Denylist IP's The list of IP ranges to block. If there are also IPs on the Allowlist, the Denylist takes precedence.
Start IP The starting IP address of the range.

Default value: N/A

Example: 192.0.2.10
End IP The ending IP address of the range (inclusive). If this value is not given, the starting IP will be used, effectively allowing only that IP address.

Default value: N/A

Example: 192.0.2.11
Description The description of the range.
Description

A brief description of this rule.

Default value: Only requests from the specified IP addresses are being accepted