Yes. It is possible to implement IP Whitelisting with WSO2 API-M.
Usually, after creating an advanced throttling policy as instructed in the documentation [1], it takes some time to deploy the execution policy. The first few requests from the IPs that should be blocked will be passed through. After the execution policy is successfully deployed, access from non-whitelisted IP addresses will be blocked.
But, when creating the related conditional group, if the time duration is set to a small duration, i.e. 1 minute, the execution policy will reset every 1 minute. During this resetting time, the requests from the IPs that should be blocked will be passed through. This can be avoided by setting a high time duration so that we can have a low frequency of resetting the execution policy. Then there won't be any intermittent passthrough calls from the blocked IP addresses.
[1]. https://docs.wso2.com/display/AM200/Managing+Throttling#ManagingThrottling-IPWhitelisting
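One way to check whether the intermittent passthrough described above is happening, as an added example that is not part of the original answer or of WSO2's code: it scans a gateway access log for served requests from non-whitelisted IPs and reports the gaps between them, which can be compared with the conditional group's time duration. The log format, addresses, status codes and function names are assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Constructed sample log, one request per line: "<ISO time> <client IP> <HTTP status>".
# The format, addresses and statuses are assumptions, not real WSO2 API-M output.
SAMPLE_LOG = """\
2024-01-01T10:00:00 198.51.100.10 200
2024-01-01T10:00:01 203.0.113.7 200
2024-01-01T10:00:20 203.0.113.7 429
2024-01-01T10:00:40 198.51.100.10 200
2024-01-01T10:01:00 203.0.113.7 200
2024-01-01T10:01:15 203.0.113.7 429
2024-01-01T10:02:01 203.0.113.7 200
2024-01-01T10:02:30 192.0.2.99 429
"""

WHITELIST = ["198.51.100.0/24"]  # hypothetical allowed range


def find_leaks(log_text, whitelist):
    """Return (time, ip) for each request from a non-whitelisted IP that was served."""
    nets = [ipaddress.ip_network(n) for n in whitelist]
    leaks = []
    for line in log_text.splitlines():
        try:
            ts, ip, status = line.split()
            when = datetime.fromisoformat(ts)
            addr = ipaddress.ip_address(ip)
            code = int(status)
        except ValueError:
            continue  # skip malformed lines instead of aborting the audit
        if not any(addr in net for net in nets) and code < 400:
            leaks.append((when, ip))
    return leaks


def leak_intervals(leaks):
    """Seconds between consecutive leaks per IP; a steady gap points at the reset period."""
    last, gaps = {}, {}
    for when, ip in sorted(leaks):
        if ip in last:
            gaps.setdefault(ip, []).append(int((when - last[ip]).total_seconds()))
        last[ip] = when
    return gaps


if __name__ == "__main__":
    print(leak_intervals(find_leaks(SAMPLE_LOG, WHITELIST)))
```

In the constructed sample the leaks recur roughly every 60 seconds, matching a 1 minute time duration; with a longer duration the same audit should show correspondingly fewer served requests from blocked addresses.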
but couldn't do it
- please elaborate - do you mean you cannot follow the documentation or other IPs are not blocked? What type of security are you using (Application/User)? (if you say no security, I believe some throttling features are not engaged) – gusto2