Using the ip-security-enabled command
You can use the ip-security-enabled commands to toggle IP security on
your Developer Portal.
When IP security is enabled, modules such as the Drupal Perimeter Defence module, or flood control,
will block client IP addresses suspected of malicious behavior, as expected. Banned IP addresses can
be cleared by using the
security:clear-bans command. You might want to turn off IP
security if you are performing penetration tests, or if you cannot pass through the client IP
address from your external load balancer. Note that IP security is enabled by default on the Developer Portal.
- Log in as Cloud manager:
apic login --server management_server --realm admin/identity_provider --username admin --password cloud_passwordYou can determine which identity provider to use in the
--realmparameter by entering the following command to see a list of all available identity providers (you do not need to be logged in to use this command):
apic identity-providers:list --scope admin --server mgmt_endpoint_url --fields title,realm
apic identity-providers:list --scope admin --server myserver.com --fields title,realm total_results: 2 results: - title: Cloud Manager User Registry realm: admin/default-idp-1 - title: Corporate LDAP user registry realm: admin/corporate-ldap
titlevalue should enable you to determine which identity provider to use; you can then copy the corresponding
--realmparameter directly from the displayed
realmvalue. For any identity providers that were created by your administrator after API Connect was installed, the names will have been determined at creation time. The default Cloud Manager Local User Registry for login as a member of the cloud administration organization is
For full details of the
apic logincommand, see Logging in to a management server.
- Enable IP security on the Developer Portal:
apic --mode portaladmin ip-security-enabled:update --server management_server --portal_service_name portal --enabled true
management_serveris the endpoint URL of the management server.
portalis the name of the portal service.
--enabledis set to
trueto enable IP security. Can be set to
falseto disable IP security.
apic --mode portaladmin ip-security-enabled:update --server my.management.server.com --portal_service_name my_portal_service --enabled true IP security has been successfully set to true
- Disable IP security on the Developer Portal:
apic --mode portaladmin ip-security-enabled:update --server management_server --portal_service_name portal --enabled false