Webapi2 Access Filters


You can set webapi2 access filters under the Security settings. The webapi2 access filter can only be set at the server level; you cannot set user-specific or domain-specific security filters. With this filter you specify rules for accessing webapi2 methods.

In the example above, the webapi2 method utils/login is denied for any IP address. Every version of the utils/login method is denied, because the filter matches all versions (utils/login/*). Instead of ip any you can also use a specific IP address or an IP address range.

You can limit access for all users from one specific IP: the method utils/echo/1 can be called only 10 times within a 5-second range. You can set the expiration range in milliseconds (ms), seconds (s), minutes (m) or hours (h).

NOTE: When using a throttle filter, every call has its own timer. In the example above, if you call the method echo 5 times in the first second and 6 times in the fourth second, the last call will be denied (because the limit is 10). Every other call in the range of 5 seconds would be denied too. But you can repeat 3 calls in the sixth second, as the timer for the first 3 calls would already have run out.
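The per-call timer behaviour described in the note can be modelled as a sliding window and replayed against a call sequence to see which calls a rule would deny. This is an added example, not ISL Conference Proxy code. Assumptions: the rule string is built from the throttle template listed on this page, a denied call does not start a timer of its own, and the call timestamps and all function names are constructed for illustration.

```python
import re
from collections import deque

# Units the page lists for the expiration range, converted to milliseconds.
UNIT_MS = {"ms": 1, "s": 1000, "m": 60_000, "h": 3_600_000}
RULE_RE = re.compile(r"throttle (ip|user|method);expires (\d+)(ms|s|m|h);max number (\d+);")

def parse_throttle(rule):
    """Split a throttle rule into (key, window_ms, limit)."""
    m = RULE_RE.fullmatch(rule.strip())
    if not m:
        raise ValueError(f"not a throttle rule: {rule!r}")
    key, amount, unit, limit = m.groups()
    return key, int(amount) * UNIT_MS[unit], int(limit)

class Throttle:
    """Sliding window: every accepted call runs its own expiry timer."""
    def __init__(self, window_ms, limit):
        self.window_ms = window_ms
        self.limit = limit
        self.live = deque()  # timestamps of accepted calls whose timer is still running

    def allow(self, now_ms):
        # Drop calls whose individual timer has run out.
        while self.live and self.live[0] + self.window_ms <= now_ms:
            self.live.popleft()
        if len(self.live) >= self.limit:
            return False  # assumption: a denied call starts no timer
        self.live.append(now_ms)
        return True

def replay(rule, call_times_ms):
    """Return one allow/deny decision per call timestamp (ascending order)."""
    _, window_ms, limit = parse_throttle(rule)
    throttle = Throttle(window_ms, limit)
    return [throttle.allow(t) for t in call_times_ms]

# Constructed rule (from the page's template) and constructed timestamps in ms:
# 5 calls in the first second, 6 in the fourth, 4 in the sixth.
RULE = "throttle method;expires 5s;max number 10;"
CALLS_MS = [100, 300, 500, 700, 900,
            3000, 3100, 3200, 3300, 3400, 3500,
            5600, 5650, 5680, 5690]

if __name__ == "__main__":
    for t, ok in zip(CALLS_MS, replay(RULE, CALLS_MS)):
        print(f"{t:>5} ms  {'allow' if ok else 'DENY'}")
```

With these timestamps the sixth call of the fourth second is denied, three calls in the sixth second pass because three first-second timers have expired, and the next call is denied again.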

You can also deny a specific user from calling a specific method. In the example above, the user with ID s2_0_2 is denied from calling the method utils/echo/1.

You don't need to use an exact method version; instead you can use a wildcard to match the method name with all existing versions. The example above is the same as the previous example with a version (utils/echo/1).

All possible combinations for webapi2 access filter are:

[ip any OR ip <specific ip> OR ip <ip range>]
filter deny_method <method name>;
filter deny_user <user ID>;
throttle user;expires <range>s;max number <maximum attempts>;
throttle method;expires <range>s;max number <maximum attempts>;

[method <method name with method version> OR method <method name with wildcard>]
filter deny_user <user ID>;
throttle ip;expires <range>s;max number <maximum attempts>;
throttle user;expires <range>s;max number <maximum attempts>;

The syntax is the same within each group of filters (the same for all throttle rules, the same for all filter rules).


Raw data

Filters that define access to webapi2
Raw data: server:s-999_0_0:webapi2_access_filter=[<empty>, <filter string>]
Min Version: ICP 4.0.0
Tags: isl conference proxy, settings, advanced examples
