Tyk, the powerful API gateway, provides various methods to control access to your API definitions. This article dives into two effective techniques for limiting traffic based on IP addresses:
- IP Allowlisting: This approach offers a strict access control mechanism, granting permission only to requests originating from predefined IP addresses or CIDR ranges.
- IP-based Rate Limiting: This method allows access from any IP address but enforces a per-IP rate limit, preventing individual users or applications from overwhelming your API with excessive requests.
Here's how to implement each method:
1. IP Allowlisting:
- Tyk uses the enable_ip_whitelisting and allowed_ips options within the API definition to configure allowlisting.
- You can define a list of IP addresses or CIDR ranges in the allowed_ips option. More information can be found in the Tyk documentation.
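As an added example (not Tyk's own code), the following Python emulates the decision the gateway makes from these two options: a client address is admitted only if enable_ip_whitelisting is on and the address falls inside one of the allowed_ips entries. API_DEFINITION is a constructed fragment with made-up addresses; which client address the gateway actually sees depends on what sits in front of it (load balancers, proxies), so treat the allowlist as one control, not the only one.

```python
import ipaddress
import json

# Constructed Tyk API definition fragment (example values, not a real deployment).
# enable_ip_whitelisting and allowed_ips are the option names described above.
API_DEFINITION = json.loads("""
{
  "name": "orders-api",
  "enable_ip_whitelisting": true,
  "allowed_ips": ["10.0.0.0/8", "192.168.1.25", "2001:db8::/32"]
}
""")


def parse_allowlist(definition):
    """Turn the allowed_ips strings into network objects.

    A bare host such as "192.168.1.25" becomes a /32 (or /128) network,
    so single addresses and CIDR ranges are matched the same way.
    """
    return [ipaddress.ip_network(entry, strict=False)
            for entry in definition.get("allowed_ips", [])]


def is_allowed(client_ip, definition):
    """Emulate the allowlist decision: True if the request may proceed.

    With enable_ip_whitelisting false the list is ignored and every IP passes.
    An address that cannot be parsed is rejected rather than let through, and
    a v4 address never matches a v6 range (or vice versa).
    """
    if not definition.get("enable_ip_whitelisting", False):
        return True
    try:
        addr = ipaddress.ip_address(client_ip.strip())
    except ValueError:
        return False
    return any(addr in net for net in parse_allowlist(definition))


def overly_broad_entries(definition):
    """Return allowlist entries that admit the whole address space (/0).

    Such an entry silently turns the allowlist into "allow everyone", which is
    worth flagging when reviewing API definitions.
    """
    return [str(net) for net in parse_allowlist(definition) if net.prefixlen == 0]
```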
2. IP-based Rate Limiting:
- Tyk's built-in rate limiting features don't directly support IP-based limits. However, you can achieve this with a custom plugin or middleware.
- To make this work, you'll need a way to extract or fetch the client IP (either internally or externally) and use it as a unique identifier (for example, as the value of the authorization header) so that a session is created per IP and controls how much access that IP has to the API.
- We have a sample that shows how you can use a Golang plugin or a JavaScript plugin with Nginx.