我想限制Azure APIM策略级别的一些IP。
我在下面的链接中去了; https://learn.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies#RestrictCallerIPs
Azure API 管理限制多个调用方 IP 地址
但不确定如何使用 API 端点级别执行此操作policy scope
我在策略中有以下代码.xml:
<policies>
<inbound>
<base />
<!-- statements to be applied to the request go here -->
<authentication-certificate thumbprint="@((string)context.Variables["ClientCertificateThumbprint"])" />
<rate-limit-by-key calls="100" renewal-period="60" counter-key="@(context.Request.Headers.GetValueOrDefault("Ocp-Apim-Subscription-Key"))" />
<cors>
<allowed-origins>
<origin>*</origin>
</allowed-origins>
<allowed-methods preflight-result-max-age="600">
<method>*</method>
</allowed-methods>
<allowed-headers>
<header>*</header>
</allowed-headers>
<expose-headers>
<header>*</header>
</expose-headers>
</cors>
<ip-filter action="allow">
<address>55.11.187.20</address>
<address-range from="186.168.95.0" to="186.168.95.20" />
</ip-filter>
</inbound>
<backend>
<base />
<!-- statements to be applied before the request is forwarded to
the backend service go here -->
</backend>
<outbound>
<base />
<!-- statements to be applied to the response go here -->
</outbound>
<on-error>
<base />
<!-- statements to be applied if there is an error condition go here -->
</on-error>
</policies
>
使用高级策略中的控制流,可以将范围更改为 API 终结点级别(操作)以限制 IP 地址,如下所示
<choose>
<when condition="@(context.Operation.Id.Equals("StatusGet"))">
<ip-filter action="allow">
<address>55.11.187.20</address>
<address-range from="186.168.95.0" to="186.168.95.20" />
</ip-filter>
</when>
</choose>
</inbound>
参考: https://learn.microsoft.com/en-us/azure/api-management/api-management-advanced-policies
导航到
- Azure 门户、APIM 服务、API。
- 单击要应用 IP 筛选器的 API
- 在"入站处理"部分中,单击"添加策略"并选择 IP 过滤器。