IP range in Identity Gateway

Hi Experts,
I want to allow a request if it's in the IP range of 10.*. There is an AllowOnlyFilter in IG 7 but not in 6.5.x. How would I allow a specific range to access an API? Thanks.

Yeramsh,

Routes have a condition which you can set to filter out requests based on their properties.
This can be defined when the route is created. It uses the condition properties and string, or regex matching rules.
Check the documentation here for all details.

I hope it helps


If you're asking how to filter a client request based on their IP

For logic filtering (e.g. IP address range) you’ll need to implement a scriptable filter. Note that IG has to process the route traffic before making a scripted filter decision, so this isn’t precisely a firewall rule. IG will allow traffic to reach itself, process it, and then apply the scripted logic to deny or approve the request to the protected application.

Depending on your config you may be able to get the client IP from ${request.headers['x-forwarded-for']}, or see the OpenIG 6.0.0 documentation, where getRemoteAddress() is available to fetch the remote address.

For further details, see the following documents:
Setting Route Conditions
ScriptableFilter

Thanks for your response. I am using Groovy; how would I get this method called getRemoteAddress() in Groovy? Please advise.

I tried with the below snippet in Groovy but it didn't work.
import org.forgerock.services.context.ClientContext
logger.info 'getRemoteAddress**:' + ClientContext.getRemoteAddress() // Of course I had logger defined.

Yeramsh,

In order to get the ClientContext you can use the context.asContext(...) call.
See Available Objects > context

Hi Gery,
I tried with the below code in the Groovy file and I get the below exception. Please advise.
String remoteHost = context.asContext(ClientContext.class).getRemoteHost();
logger.info 'remoteHost=:' + remoteHost

Error
Caused by: groovy.lang.MissingMethodException: No signature of method: org.forgerock.services.context.ClientContext.getRemoteHost() is applicable for argument types: () values: []
Possible solutions: getRemotePort(), getRemoteUser()

Yeramsh,

There is no getRemoteHost function, as per the error message.
I think the function you are looking for is getRemoteAddress. Check the Javadoc for more options:
https://backstage.forgerock.com/docs/ig/6.5/apidocs/index.html?org/forgerock/services/context/ClientContext.html

Thanks, Gery, for the response. I saw the Javadoc, but how would I retrieve this Java method getRemoteAddress in a Groovy file, since I am using this in IG?
I tried with the below but it doesn't work. Did you get a chance to try this out, please? Thanks.
String remoteHost = context.asContext(ClientContext.class).getRemoteHost();

Yeramsh,

The Object will be available in the same way in Groovy and Java.
You may have to add the import.
import org.forgerock.services.context.ClientContext;
Let us know how it goes.

Hi Gery,
After the import, below is the error I am getting.
javax.script.ScriptException: groovy.lang.MissingMethodException: No signature of method: org.forgerock.services.context.ClientContext.getRemoteHost() is applicable for argument types: () values: []
Possible solutions: getRemotePort(), getRemoteUser()

Yeramsh,

This error shows that you are trying to use a method that does not exist.
You are using the object ClientContext in your script and therefore you must use one of the methods described in the Javadoc (link below). This had already been mentioned on December 13th, but here is the link again for convenience:
https://backstage.forgerock.com/docs/ig/6.5/apidocs/index.html?org/forgerock/services/context/ClientContext.html

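Added example, not part of the thread above and not ForgeRock's own code: a ScriptableFilter Groovy script for IG 6.5.x that reads the client address with `ClientContext.getRemoteAddress()` and lets only the 10.* range through. It assumes "10.*" means `10.0.0.0/8`; the `inCidr` helper and the log message are illustrative names chosen here.

```groovy
// Added example: body of a ScriptableFilter script for IG 6.5.x.
// `context`, `request`, `next` and `logger` are bindings IG supplies to the script.
import org.forgerock.http.protocol.Response
import org.forgerock.http.protocol.Status
import org.forgerock.services.context.ClientContext

// Hypothetical helper: true when addr is an IPv4 literal inside cidr (e.g. "10.0.0.0/8").
boolean inCidr(String addr, String cidr) {
    def (String base, String bits) = cidr.tokenize('/')
    def toLong = { String ip ->
        def octets = ip.tokenize('.')
        if (octets.size() != 4 || !octets.every { it ==~ /\d{1,3}/ && (it as int) <= 255 }) {
            return null                       // not a dotted-quad IPv4 literal
        }
        octets.inject(0L) { acc, o -> (acc << 8) | (o as long) }
    }
    Long a = toLong(addr), b = toLong(base)
    if (a == null || b == null) return false  // IPv6 or malformed input: deny
    long mask = (0xFFFFFFFFL << (32 - (bits as int))) & 0xFFFFFFFFL
    return (a & mask) == (b & mask)
}

// Socket peer address as seen by IG. Behind a load balancer this is the balancer's
// address; X-Forwarded-For is client-controlled unless that proxy overwrites it.
String remoteAddress = context.asContext(ClientContext).remoteAddress

if (inCidr(remoteAddress, '10.0.0.0/8')) {    // assumption: "10.*" means 10.0.0.0/8
    return next.handle(context, request)      // in range: continue down the chain
}

logger.info("Denied request from ${remoteAddress}")
return new Response(Status.FORBIDDEN)         // out of range: stop here with 403
```

As noted earlier in the thread, IG still accepts and processes the request before this script runs, so this is an application-level allow list rather than a firewall rule.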