IP Restriction (without Deny - Prod)
Overview
The IP Restriction Policy allows administrators to control access to an API based on the IP address of the client making the request. It supports Allow lists: only the IPs explicitly defined will be granted access; all others will be denied by default.
This policy is useful when securing APIs behind a firewall, limiting exposure to trusted IPs or known clients.
Configuration Details
The configuration interface includes an input field to specify allowed IPs or CIDR blocks.
Field | Description |
---|---|
Allow | Enter the list of allowed IP addresses or CIDR blocks (e.g., 1.2.3.4, 1.2.0.0/24). These are the only IPs that will be allowed to access the API. |
Add/Remove IPs | Use the green plus button to add new IPs, and the red minus button to remove any entry. |
Cannot be changed: When enabled, this policy cannot be disabled or toggled after it is applied.
Cannot change the setting value: When enabled, the list of allowed IPs cannot be modified after deployment.
Any IP address not on the allowed list will be automatically rejected.
Restrictions
- IP addresses must follow IPv4 format or be valid CIDR ranges.
- Duplicate or malformed entries will result in a validation error.
Example IP Restriction Inputs and Results
The following examples show how Allow entries are evaluated and what outcome a request from a given IP would produce:
Input | Expected Behavior |
---|---|
192.168.0.5 | Only this IP can access the API. |
10.0.0.0/8 | Allows access from any IP in the 10.*.*.* subnet. |
No entries specified | No IPs will be allowed to access the API (default deny). |
Always test your IP Restriction setup in API testing before deploying the API.
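
The validation rules and the allow/deny outcomes in the table above can be modelled offline before the policy is deployed. This is an added example, not the product's own code: the function names are hypothetical, the sample IPs are constructed, and it assumes strict CIDR parsing (host bits must be zero) and that a bare IP and its /32 form count as duplicates.

```python
import ipaddress

def validate_allow_list(entries):
    """Parse Allow entries; raise ValueError on malformed or duplicate input."""
    networks, seen = [], set()
    for raw in entries:
        try:
            # Assumption: strict parsing, so 10.0.0.1/8 (host bits set) is
            # rejected as malformed. A bare IPv4 address becomes a /32.
            net = ipaddress.IPv4Network(raw.strip(), strict=True)
        except ValueError as exc:
            raise ValueError(f"malformed entry {raw!r}: {exc}") from None
        if net in seen:  # assumption: 1.2.3.4 and 1.2.3.4/32 count as duplicates
            raise ValueError(f"duplicate entry {raw!r}")
        seen.add(net)
        networks.append(net)
    return networks

def is_allowed(client_ip, networks):
    """Default deny: allow only if client_ip falls inside an allowed network."""
    try:
        addr = ipaddress.IPv4Address(client_ip)
    except ValueError:
        return False  # unparseable or non-IPv4 client address is rejected
    return any(addr in net for net in networks)

def failed_cases(entries, cases):
    """Return (ip, expected, actual) for every case the policy gets wrong."""
    nets = validate_allow_list(entries)
    results = [(ip, want, is_allowed(ip, nets)) for ip, want in cases]
    return [r for r in results if r[1] != r[2]]

if __name__ == "__main__":
    # Constructed sample inputs mirroring the rows of the table above.
    table = [
        (["192.168.0.5"], [("192.168.0.5", True), ("192.168.0.6", False)]),
        (["10.0.0.0/8"], [("10.200.3.4", True), ("11.0.0.1", False)]),
        ([], [("192.168.0.5", False), ("10.0.0.1", False)]),
    ]
    for entries, cases in table:
        print(entries or "no entries", "->", failed_cases(entries, cases) or "OK")
    for bad in (["1.2.3.4", "1.2.3.4"], ["1.2.3"], ["10.0.0.1/8"]):
        try:
            validate_allow_list(bad)
        except ValueError as err:
            print("validation error:", err)
```

An empty result from `failed_cases` means every listed client IP got the expected allow or deny decision for that Allow list.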