Restrict caller IPs

APPLIES TO: All API Management tiers

The ip-filter policy filters (allows/denies) calls from specific IP addresses and/or address ranges.

Tip

To help you configure this policy, the portal provides a guided, form-based editor. Learn more about how to set or edit API Management policies.

Policy statement

<ip-filter action="allow | forbid">
    <address>address</address>
    <address-range from="address" to="address" />
</ip-filter>

Attributes

Attribute Description Required Default
action Specifies whether calls should be allowed (allow) or not (forbid) for the specified IP addresses and ranges. Policy expressions are allowed. Yes N/A

Elements

Element Description Required
address Add one or more of these elements to specify a single IP address on which to filter. Policy expressions are allowed. At least one address or address-range element is required.
address-range Add one or more of these elements to specify a range of IP addresses from "address" to "address" on which to filter. At least one address or address-range element is required.

Usage

Usage notes

If you configure this policy at more than one scope, IP filtering is applied in the order of policy evaluation in your policy definition.

Example

In the following example, the policy only allows requests coming either from the single IP address or range of IP addresses specified.

<ip-filter action="allow">
    <address>13.66.201.169</address>
    <address-range from="13.66.140.128" to="13.66.140.143" />
</ip-filter>

Next steps

For more information about working with policies, see: