0

for example I have a rest API called pizzadellivery and a resource called get prices and also set an endpoint and also set no Security, Rate Limiting & Scopes.is it possible to restrict access(call an api) to specific rest API resource except for some IP addresses in WSO2 API manager(3.2.0)? thanx

Ali farahzadi
  • 274
  • 2
  • 10

2 Answers2

0

Log in to the WSO2 API Manager Publisher portal.

Navigate to the API that you want to restrict access to.

Click on the "Endpoints" tab and select the endpoint you want to apply IP Range Limiting to.

In the endpoint configuration page, select the "IP Range Limiting" tab.

Define the IP address ranges that you want to allow access to the API resource in the "Allowed IP Ranges" field. You can specify IP addresses individually or use CIDR notation to specify a range of IP addresses.

Save the changes to the endpoint configuration.

Seth Timmons
  • 51
  • 3
0

Yes, this is doabe by adding an Advanced rate limiting policy and associating it with the resource you want to protect.

This is a 2 step exercise:

  1. Create an Advance Rate Limiting policy using the Admin Portal. When creating it, you can define the IP rages you need to restrict access. Follow link below [1] for more information.
  2. Once the new advanced rate limiting policy is created, you need to go to Publisher portal and apply the new rate limiting policy to the resource you need to restrict using the Resource page. For more detailed steps, check the below link [2]

[1] https://apim.docs.wso2.com/en/latest/design/rate-limiting/introducing-throttling-use-cases/ [2] https://apim.docs.wso2.com/en/latest/design/rate-limiting/setting-throttling-limits/#resource-level-operation-level-rate-limiting

Joy Rathnayake
  • 485
  • 4
  • 8
  • thanx so much. I have many different resources and many different IPs with different access scenarios , what can I do to handle this complexity? – Ali farahzadi Feb 26 '23 at 08:11
  • and what about blocking all request except some IP addresses – Ali farahzadi Feb 26 '23 at 14:38
  • 1
    You can also try Whitelisting option. Also, there are many options you can evaluate to accommodate this. Application-level, User-level, API-level, etc. and whether to use which one or combination of them is more of a Soltuons decision. Better to consult a WSO2 Solutions Architect and evaluate your use cases to identify the correct approach(s). – Joy Rathnayake Feb 26 '23 at 15:08
  • is whitelisting option available in WSO2 APIM 3.2.0?can you provide more detail – Ali farahzadi Feb 27 '23 at 07:32