Using the ip-security-enabled command

You can use the ip-security-enabled commands to toggle IP security on your Developer Portal. When IP security is enabled, modules such as the Drupal Perimeter Defence module, or flood control, will block client IP addresses suspected of malicious behavior, as expected. Banned IP addresses can be cleared by using the security:clear-bans command. You might want to turn off IP security if you are performing penetration tests, or if you cannot pass through the client IP address from your external load balancer. Note that IP security is enabled by default on the Developer Portal.

  1. Log in as Cloud manager:
    apic login --server management_server --realm admin/identity_provider --username admin --password cloud_password
    You can determine which identity provider to use in the --realm parameter by entering the following command to see a list of all available identity providers (you do not need to be logged in to use this command):
    apic identity-providers:list --scope admin --server mgmt_endpoint_url --fields title,realm
    For example:
    apic identity-providers:list --scope admin --server myserver.com --fields title,realm
    total_results: 2
    results:
      - title: Cloud Manager User Registry
        realm: admin/default-idp-1
      - title: Corporate LDAP user registry
        realm: admin/corporate-ldap
    The title value should enable you to determine which identity provider to use; you can then copy the corresponding --realm parameter directly from the displayed realm value. For any identity providers that were created by your administrator after API Connect was installed, the names will have been determined at creation time. The default Cloud Manager Local User Registry for login as a member of the cloud administration organization is default-idp-1.

    For full details of the apic login command, see Logging in to a management server.

  2. Enable IP security on the Developer Portal:
    apic --mode portaladmin ip-security-enabled:update --server management_server --portal_service_name portal --enabled true
    • management_server is the endpoint URL of the management server.
    • portal is the name of the portal service.
    • --enabled is set to true to enable IP security. Can be set to false to disable IP security.
    For example:
    apic --mode portaladmin ip-security-enabled:update --server my.management.server.com --portal_service_name my_portal_service --enabled true
    IP security has been successfully set to true
  3. Disable IP security on the Developer Portal:
    apic --mode portaladmin ip-security-enabled:update --server management_server --portal_service_name portal --enabled false