Overview
IP access control is a security protection capability provided by API Gateway. It is mainly used to restrict the source IPs of API callers. You can allow/reject API requests from a certain source by configuring the IP allowlist/blocklist of an API.
Note:
The original IP access control policy data has been migrated to the IP access control plugin, which can be managed on the Plugin page.
Directions
Step 1. Create a plugin
- Log in to the API Gateway console
- On the left sidebar, click Plugin to enter the plugin list page.
- Click Create in the top-left corner to create an IP access control plugin.

Step 2. Bind an API and make the plugin effective
- Select the just created plugin in the list and click Bind API in the Operation column.
- In the Bind API pop-up window, select the service, environment, and the API to which the plugin needs to be bound.

- Click OK to bind the plugin to the API. At this time, the configuration of the plugin has taken effect for the API.
PluginData
{
"type":"white_list", // IP access control type. Valid values: white_list: allowlist; black_list: blocklist
"blocks":"1.1.1.1" // IP range
}
Notes
- The IP access control plugin supports blocklist and allowlist modes. When the allowlist is used, requests from IPs not in the allowlist will be rejected by API Gateway; when the blocklist is used, requests from IPs in the blocklist will be rejected by API Gateway.
- Multiple IPs or CIDR blocks can be entered in the IP access control plugin, which should be separated with semicolons.
Usage Limits
Currently, a shared instance does not support access control of client IPs on the private network.
Was this page helpful?