Restrict caller IPs
APPLIES TO: All API Management tiers
The ip-filter
policy filters (allows/denies) calls from specific IP addresses and/or address ranges.
Tip
To help you configure this policy, the portal provides a guided, form-based editor. Learn more about how to set or edit API Management policies.
Policy statement
<ip-filter action="allow | forbid">
<address>address</address>
<address-range from="address" to="address" />
</ip-filter>
Attributes
Attribute | Description | Required | Default |
---|---|---|---|
action | Specifies whether calls should be allowed (allow ) or not (forbid ) for the specified IP addresses and ranges. Policy expressions are allowed. |
Yes | N/A |
Elements
Element | Description | Required |
---|---|---|
address | Add one or more of these elements to specify a single IP address on which to filter. Policy expressions are allowed. | At least one address or address-range element is required. |
address-range | Add one or more of these elements to specify a range of IP addresses from "address" to "address" on which to filter. |
At least one address or address-range element is required. |
Usage
- Policy sections: inbound
- Policy scopes: global, workspace, product, API, operation
- Gateways: classic, consumption, self-hosted
Usage notes
If you configure this policy at more than one scope, IP filtering is applied in the order of policy evaluation in your policy definition.
Example
In the following example, the policy only allows requests coming either from the single IP address or range of IP addresses specified.
<ip-filter action="allow">
<address>13.66.201.169</address>
<address-range from="13.66.140.128" to="13.66.140.143" />
</ip-filter>
Related policies
Next steps
For more information about working with policies, see:
- Tutorial: Transform and protect your API
- Policy reference for a full list of policy statements and their settings
- Policy expressions
- Set or edit policies
- Policy samples