IP white-listing allows to create lists of trusted IP addresses or IP ranges from which a users can access APIs.
IP white-list is a security feature often used for limiting and controlling access only to trusted users or applications.
Oracle API CS (Cloud Service) provides IP Filter Validation policy to control which IP Addresses can successfully send requests to the API.
The IP address originated by the client is received from the HTTPRequest. This policy checks if the address matches allowed or disallowed IP addressed configured as part of the policy. Upon finding a match, it takes appropriate action as configured. Nonstandard HTTP headers such as X-ProxyUser-Ip, X-Forwarded-For , or HTTP_X_CLUSTER_CLIENT_IP are not supported.
IP Filter Validation policy can be added in the request flow only. It can not be placed first in the flow. Other security polices must be placed before it.
Let's see how to configure the IP Filter Validation policy using API CS console. To complete this task there should be API configured in API CS. If not, please go through the blog Creating an API in Oracle API Platform Cloud Service Read the complete article here.
For regular information on Oracle PaaS become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.