IP Blocking and Accessing Using ACL
In this blog, we will learn about IP blocking and accessing using an ACL (access control list).
About:
- IP blocking in IBM DataPower is a security feature that allows administrators to control access to services by allowing or denying requests based on the client’s IP address.
- This is an important security measure to protect against unauthorized access, attacks, and other malicious activities.
- The above block diagram shows some example scenarios for blocking IPs.
Block Single IP
- Deny 192.168.x.x/32 → Blocks only this IP
- Allow 0.0.0.0/0 → Permits all other traffic
Allow Only Particular Network
- Deny 0.0.0.0/0 → First blocks everyone
- Allow 192.168.0.0/16 → Then permits particular IPs
Multi-Layer Filtering
- Deny 10.0.0.0/8 and 172.16.0.0/12 → Blocks two ranges
- Allow 0.0.0.0/0 → Permits remaining traffic
Key Rule: The first matching rule wins; unmatched requests are blocked by default.
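The Key Rule makes clause order decisive, which the following Python model shows for the three scenarios. It is an added example, not code from the original post or from DataPower; it implements only the first-match, default-deny rule as stated here, and the address 192.168.10.25, the function names and the list names are constructed for illustration.

```python
import ipaddress


def evaluate(acl, client_ip):
    """Decide 'allow' or 'deny' for client_ip under first-match semantics.

    acl is an ordered list of (action, cidr) clauses. The first clause whose
    range contains the address decides; no match at all means deny.
    """
    addr = ipaddress.ip_address(client_ip)
    for action, cidr in acl:
        if addr in ipaddress.ip_network(cidr):
            return action
    return "deny"


def shadowed_clauses(acl):
    """List (index, clause) pairs that can never match because an earlier
    clause already covers their entire range."""
    dead = []
    for i, (action, cidr) in enumerate(acl):
        net = ipaddress.ip_network(cidr)
        if any(net.subnet_of(ipaddress.ip_network(prev)) for _, prev in acl[:i]):
            dead.append((i, (action, cidr)))
    return dead


# The post's scenarios as ordered clause lists (192.168.10.25 is constructed).
BLOCK_SINGLE = [("deny", "192.168.10.25/32"), ("allow", "0.0.0.0/0")]
MULTI_LAYER = [("deny", "10.0.0.0/8"), ("deny", "172.16.0.0/12"),
               ("allow", "0.0.0.0/0")]
# "Allow only particular network" in the order listed, and with allow first.
DENY_FIRST = [("deny", "0.0.0.0/0"), ("allow", "192.168.0.0/16")]
ALLOW_FIRST = [("allow", "192.168.0.0/16"), ("deny", "0.0.0.0/0")]

if __name__ == "__main__":
    for name, acl in [("block single", BLOCK_SINGLE), ("multi-layer", MULTI_LAYER),
                      ("deny first", DENY_FIRST), ("allow first", ALLOW_FIRST)]:
        for ip in ("192.168.10.25", "192.168.1.5", "10.1.2.3", "203.0.113.7"):
            print(f"{name:13} {ip:15} -> {evaluate(acl, ip)}")
        for idx, clause in shadowed_clauses(acl):
            print(f"{name:13} clause {idx} {clause} is unreachable")
```

In this model the deny-first ordering rejects 192.168.1.5 too, because the catch-all deny matches before the allow clause is reached; placing the allow clause for the permitted network first gives the intended result.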
Procedure:
- Log in to DataPower and select the application domain in which you want to configure IP blocking and access.
- Click on MPGW and create an MPGW service by clicking Add.
- Create a Front Side Protocol by clicking “+”, then click HTTP Handler to create an HTTP handler.
- Fill in the required fields and click on Access Control List “+”.
- Click on Add to configure the IPs to block or allow.
- Enter the address range as shown in the screenshot. If you set the access to allow, only that IP will get access to the service; if you set it to deny, no one will get access to the service.
Note: In the above screenshot, I am blocking the 192.168.XX.XXX IP and allowing every other IP to access the service.
Testing:
- Open the Postman application, enter the DataPower service URL, and attempt to access the service from the blocked IP (e.g., 192.168.XX.XXX). Verify that the connection is rejected with an error.
- Try to access the service from an IP other than the blocked one. Confirm that the service responds normally without any errors.