The organizational IP filtering policy consists of a set of access rules that determine IP addresses that are allowed or denied permission to invoke managed APIs and custom APIs. The policy applies to all the APIs in the organization. API-specific IP filtering policies and API group IP filtering policies override the organizational IP filtering policy.
When API Manager receives a request to invoke an API, it checks the IP address of the request against the rules in the policy, in the order that the rules are listed in. API Manager applies the first rule in the rules table that matches the request IP address to the request. You can change the order of the rules by moving them up or down.
To allow access to specific IP addresses and deny access to all other IP addresses, add the rules that allow access before the rule that denies access. To deny access to specific IP addresses and allow access to all other IP addresses, add the rules that deny access before the rule that allows access.
IP Filtering Policy Example
The following table lists rules that allow access to several IP address ranges, and deny access to all other IP addresses: