Restricting access by IP address

You can restrict access to a role or a user by IP address in the Developer Portal.

Before you begin

You must have administrator access to the Developer Portal to complete this task.
Note: This module will only synchronize the credentials of applications created by consumers in the Developer Portal site UI. It cannot synchronize the credentials for applications created by the provider in the API Manager UI.

About this task

By restricting access to a role by IP address, that role is unavailable to users outside of the IP address ranges that you define. If a role restriction is triggered, the user's session is unaffected, but the restricted role is no longer available to the user. Role restriction affects only the availability of the restricted role to users. Role restrictions are available for all roles, except anonymous user and authenticated user.

By restricting login access of a user by IP address, the user is unable to log in outside of the IP address ranges that you define. You can also specify global IP address ranges, which apply to all users. IP restrictions are checked on every page load. If a user restriction is triggered by an attempt at logging in being denied, then the user is logged out and sent to the 'error page' that is specified by the site administrator.
Note: IP address ranges must be entered in CIDR notation that is separated with semi-colons and no trailing semi-colon. For more information on CIDR notation, see CIDR format.

Procedure

  1. In the Developer Portal, click Configuration > People > Restrict by IP, then click Restrict log in by IP.
  2. On the Global restrictions tab, enter the address of the page to which the user is redirected to if they are not allowed to log in, in the Login denied error page.
  3. Select one of the following options:
    • To restrict access to a role by IP address, complete the following steps:
      1. Click Restrict role by IP.
      2. Decide which role you want to restrict, the roles that you can restrict include Administrator, Content Author, and Forum Moderator.
      3. Enter the IP address range (in CIDR notation) that you do not want to restrict log in for in the field for that role, for example, Forum Moderator role IP range.
      4. Click Save configuration.

        View of restriction by role

    • To restrict login access of a user by IP address, complete the following steps:
      1. Click Restrict login by IP, then click User restrictions.
      2. In the ADD NEW USER ALLOWED IP RANGE section, enter a user name in the Username field.
      3. Enter an IP address Range (in CIDR notation), that you do not want to restrict log in for in the Allowed IP range field.
      4. Click Save configuration. Your new log in restriction can be seen after the ADD NEW USER ALLOWED IP RANGE section.

        view of restriction by user

    • To restrict login for all users, complete the following steps:
      1. Click Restrict login by IP, then click Global restrictions tab.
      2. Enter the global IP address ranges (in CIDR notation) in the Restrict global login to allowed IP range field.
      3. Click Save configuration.
  4. To remove an IP restriction, delete the value that is associated with the restriction, then click Save configuration.