Usage
The connector performs IP Whitelisting as follows:
- Whitelisting by IP range - 123.45.67.0-123.45.67.128
- Whitelisting by IP list - 123.45.67.0,123.45.67.128
- Whitelisting by Subnet - 123.45.0.0/16
- whitelisted_ip_range and whitelisted_ip_list are optional and don't need to be configured together.
- When only whitelisted_ip_range is configured, then incoming user client IP address must be present in the range specified.
- When only whitelisted_ip_list is configured, then incoming user client IP address must be present in the IP list specified.
- When both whitelisted_ip_range and whitelisted_ip_list are configured, then client IP address must be present in eiher whitelisted_ip_range and whitelisted_ip_list.
- Introduced new Pre-input configuration keep_client_ip_as_source, which is a boolean flag that is optional.
- When keep_client_ip_as_source is true, then it returns the IP Address of originating client; and if it is false, then it returns the IP address of nearest proxy to Mashery. Whatever IP address it returns depends on this flag; this IP address must be present either in whitelisted_ip_range or in whitelisted_ip_list.
- IP address configured must be a publicly-recognized IP address (for exampe: https://whatismyipaddress.com/)that is recognized by TIBCO Mashery proxy.
- Best practice for IP whitelisting (when third-party proxy server is in front of Mashery in the API call flow) is to configure the IP address of proxy (for example,
Intermediate Node 2) that is closest to Mashery stack.
For example: client/WWW --> Intermediate Node 1 --> Intermediate Node 2 --> Mashery --> Resource API
For more details on how X-Forwarded-For directive compiles client IP address while traversing through various load balancer and or proxy server, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For.
