Using the ip-security-enabled command
You can use the ip-security-enabled commands to toggle IP security on
your Developer Portal.
When IP security is enabled, modules such as the Drupal Perimeter Defence module, or flood control,
will block client IP addresses suspected of malicious behavior, as expected. Banned IP addresses can
be cleared by using the security:clear-bans
command. You might want to turn off IP
security if you are performing penetration tests, or if you cannot pass through the client IP
address from your external load balancer. Note that IP security is enabled by default on the Developer Portal.
- Log in as Cloud manager:
apic login --server management_server --realm admin/identity_provider --username admin --password cloud_password
You can determine which identity provider to use in the--realm
parameter by entering the following command to see a list of all available identity providers (you do not need to be logged in to use this command):
For example:apic identity-providers:list --scope admin --server mgmt_endpoint_url --fields title,realm
Theapic identity-providers:list --scope admin --server myserver.com --fields title,realm total_results: 2 results: - title: Cloud Manager User Registry realm: admin/default-idp-1 - title: Corporate LDAP user registry realm: admin/corporate-ldap
title
value should enable you to determine which identity provider to use; you can then copy the corresponding--realm
parameter directly from the displayedrealm
value. For any identity providers that were created by your administrator after API Connect was installed, the names will have been determined at creation time. The default Cloud Manager Local User Registry for login as a member of the cloud administration organization isdefault-idp-1
.For full details of the
apic login
command, see Logging in to a management server. - Enable IP security on the Developer Portal:
apic --mode portaladmin ip-security-enabled:update --server management_server --portal_service_name portal --enabled true
management_server
is the endpoint URL of the management server.portal
is the name of the portal service.--enabled
is set totrue
to enable IP security. Can be set tofalse
to disable IP security.
For example:apic --mode portaladmin ip-security-enabled:update --server my.management.server.com --portal_service_name my_portal_service --enabled true IP security has been successfully set to true
- Disable IP security on the Developer Portal:
apic --mode portaladmin ip-security-enabled:update --server management_server --portal_service_name portal --enabled false