Skip to content
/ IP-Block-Handler Public

Handler Implementation to Block requests based on IP in WSO2 API Manager

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

athiththan11/IP-Block-Handler

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
example
example
 
 
src/main/java/com/sample/handlers
src/main/java/com/sample/handlers
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

IP Blocking Handler

A sample handler implementation to block API requests based on IP addresses (applied per API level and not global). The implementation presented in the main branch supports WSO2 API Manager v3.2.0.

To use the handler implementation on lower versions of the API Manager, please change the required dependency versions in the pom.xml and build the project as instructed in Build.

Mediator Implementation

Find the mediator implementation of the IP-Block under the mediator branch with the instructions on engaging the mediator in Global Mediation sequence with local-entries

Build

Execute the following command from the root directory of the project to build

mvn clean package

Usage

Copy the built JAR artifact and place it inside the <gateway>/repository/components/lib directory and start the server to load the required classes.

After a successful server start, navigate to <apim>/repository/deployment/server/syanpse-configs/default/api directory and open the respective API synapse artifact and add the IPBlockHandler definition after the CORSRequestHandler to block the requests based on the specified IP Regex conditions.

The IP addresses that are required to be blocked for this particular API needs to be passed in a Regex format

<handler class="com.sample.handlers.IPBlockHandler">
    <!-- IPRegex accepts only the Regex patterns -->
    <property name="IPRegex" value="^(127\.0\.0\.[1-5])$" />
</handler>

Configure Velocity Template

We can introduce an API Property to configure the IP Regex patterns from the Publisher UI to change the values dynamically. Please follow the given instructions to make the required changes in the API Manager server

Please note the built JAR artifact has to be placed inside the <apim>/repository/components/lib directory prior to applying the following changes

A complete velocity_template.xml can be found under here

  • Navigate and open the <apim>/repository/resources/api_templates/velocity_template.xml and add the following changes

    ...
<handlers xmlns="http://ws.apache.org/ns/synapse">
#foreach($handler in $handlers)

    #if($handler.className == 'org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler')
        #if($apiObj.additionalProperties.get('IPRegex'))
            <handler class="com.sample.handlers.IPBlockHandler">
                <property name="IPRegex" value="$apiObj.additionalProperties.get('IPRegex')" />
            </handler>
        #end
    #end

    <handler xmlns="http://ws.apache.org/ns/synapse" class="$handler.className">
...

  • Save the velocity_template.xml

  • Log-in to the Publisher portal and open the specific API that you want to perform IP blocking

  • Go to Properties section and add the following property with the Regex pattern

    • Property Name: IPRegex
    • Property Value: ^(127\.0\.0\.[1-5])$

  • Click on Add and then click on Save to publish the API with the changes

License

Apache 2.0 License

About

Handler Implementation to Block requests based on IP in WSO2 API Manager

Topics

handler wso2 wso2-api-manager ip-based-blocking

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages