Restrict caller IPs
ip-filter policy filters (allows/denies) calls from specific IP addresses and/or address ranges.
Set the policy's elements and child elements in the order provided in the policy statement. To help you configure this policy, the portal provides a guided, form-based editor. Learn more about how to set or edit API Management policies.
<ip-filter action="allow | forbid"> <address>address</address> <address-range from="address" to="address" /> </ip-filter>
|action||Specifies whether calls should be allowed (
|address||Add one or more of these elements to specify a single IP address on which to filter. Policy expressions are allowed.||At least one
|address-range||Add one or more of these elements to specify a range of IP addresses
||At least one
- Policy sections: inbound
- Policy scopes: global, workspace, product, API, operation
- Gateways: dedicated, consumption, self-hosted
If you configure this policy at more than one scope, IP filtering is applied in the order of policy evaluation in your policy definition.
In the following example, the policy only allows requests coming either from the single IP address or range of IP addresses specified.
<ip-filter action="allow"> <address>220.127.116.11</address> <address-range from="18.104.22.168" to="22.214.171.124" /> </ip-filter>
For more information about working with policies, see: