IP Whitelisting — Complete Gateway Network Access Guide
In this tutorial, you will learn about IP Whitelisting. We cover key concepts, practical examples, and best practices to help you master this topic.
IP whitelisting at the gateway blocks traffic from untrusted IP addresses at the entry point, preventing unauthorized network access before any authentication or processing occurs.
What You'll Learn
You'll learn how to configure IP whitelisting in gateways, CIDR notation, and integration with VPCs and private networks.
Why It Matters
IP whitelisting at the gateway is the most efficient access control because unauthorized traffic is rejected at the edge, consuming minimal resources.
Real-World Use
An internal admin API Gateway whitelists only the corporate VPN CIDR range. All other traffic receives 403 Forbidden without any processing. This prevents DDoS attacks from reaching internal API services.
Implementation
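```yaml
# Kong IP restriction plugin
plugins:
  - name: ip-restriction
    config:
      # With an allow list set, every address outside it is rejected,
      # so no catch-all deny entry is needed. Deny rules are matched first:
      # a deny of 0.0.0.0/0 would also block the allowed ranges.
      allow:
        - 192.168.1.0/24
        - 10.0.0.0/8
        - 203.0.113.0/24
```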
```nginx
# NGINX IP whitelist
server {
    location /api/admin {
        # Rules are checked in order; the first match wins
        allow 10.0.0.0/8;
        allow 192.168.1.0/24;
        deny all;
        proxy_pass http://admin-service:3000;
    }

    location /api/public {
        allow all;
        proxy_pass http://public-service:3000;
    }
}
```
Common Mistakes
| Mistake | Problem | Fix |
|---------|---------|-----|
| Relying on X-Forwarded-For without verification | IP spoofing possible | Use real client IP from connection |
| No IPv6 whitelist | Blocks legitimate IPv6 traffic | Whitelist both IPv4 and IPv6 ranges |
| Overly broad whitelist (/0) | Defeats purpose | Use the smallest possible ranges |
| Static whitelist for dynamic environments | | Use automation to update whitelist |
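The first two rows of the table above, worked through as an added example (not code from the original tutorial, Kong or NGINX): the check trusts `X-Forwarded-For` only when the TCP peer is a known proxy, and it matches IPv4, IPv6 and IPv4-mapped addresses. The proxy subnet `198.51.100.0/24`, the IPv6 prefix and all function names are assumptions.

```python
import ipaddress

# Constructed values: the allow list reuses the page's ranges plus an IPv6
# documentation prefix; TRUSTED_PROXIES is a hypothetical load-balancer subnet.
ALLOWLIST = [ipaddress.ip_network(c) for c in (
    "10.0.0.0/8", "192.168.1.0/24", "203.0.113.0/24", "2001:db8:10::/48")]
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]

def _parse(text):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(text.strip())
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip

def _in_any(ip, networks):
    # An IPv4 address never matches an IPv6 network, and vice versa.
    return any(ip.version == n.version and ip in n for n in networks)

def client_ip(peer, xff=None):
    """Pick the address to check: the TCP peer, unless it is a trusted proxy."""
    ip = _parse(peer)
    if xff is None or not _in_any(ip, TRUSTED_PROXIES):
        return ip  # header sent by an untrusted peer is ignored
    # Proxies append to X-Forwarded-For, so walk it right to left and stop
    # at the first hop that is not one of our own proxies.
    for hop in reversed(xff.split(",")):
        try:
            ip = _parse(hop)
        except ValueError:
            return None  # malformed entry: fail closed
        if not _in_any(ip, TRUSTED_PROXIES):
            break
    return ip

def is_allowed(peer, xff=None):
    ip = client_ip(peer, xff)
    return ip is not None and _in_any(ip, ALLOWLIST)
```

Values a client places at the left of the header never reach the decision, because the walk stops at the first address the trusted proxy itself recorded.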
What's Next
Learn about logging and monitoring at the API gateway.