Controlling Access with IP Restrictions
Instead of denying requests based on request properties like headers or paths, you may need to restrict access based on the request's source IP address.
By defining allow lists (permitting only specific IP ranges) or deny lists (blocking unwanted IPs), you can:
🛡 Enhance security by blocking malicious IPs or untrusted networks.
🚀 Limit access to internal or private resources.
⚡ Prevent API abuse by restricting access to known users or organizations.
🔍 What are the Benefits of Restricting IPs?​
IP-based restrictions provide a simple yet effective security mechanism that doesn't require authentication tokens or additional request validation.
Key Benefits:
- Block Malicious or Unauthorized Traffic: Stop unwanted requests before they reach your backend.
- Restrict Access to Internal Users: Ensure only approved teams or offices can reach private APIs.
- Reduce Attack Surface: Prevent access from high-risk geographies or known malicious networks.
- Enforce Compliance Policies: Meet regulatory requirements by restricting access to specific locations.
- Lightweight and Efficient: No need for complex authentication mechanisms—filter requests at the network edge.
IP Restriction Examples​
The following examples restrict access to specific IP addresses using the restrict-ips action.
Check out the IP restriction policy action page for more details about how it functions and the parameters it accepts.
- AgentEndpoint
- CloudEndpoint
- Ingress
- Gateway API
Loading…
Loading…
đź’ˇ Ingress
resources do not natively support IP-based restrictions, but they can be extended using a traffic policy.
1. Create an NgrokTrafficPolicy
​
Loading…
2. Use the NgrokTrafficPolicy
on an Ingress
​
Loading…
đź’ˇ Gateway API resources do not natively support IP-based restrictions, but they can be extended using a traffic policy.
1. Create an NgrokTrafficPolicy
​
Loading…
2. Use the NgrokTrafficPolicy
on a Gateway
​
The following example showcases supplying the NgrokTrafficPolicy
on a Gateway
resource. All requests to the Gateway
will run the traffic policy.
If you prefer, NgrokTrafficPolicy
can also be used on the route level by using an externalRef
filter on an HTTPRoute
. See the using Gateway API guide for examples.
Loading…