WSO2 ESB provides the ability to filter messages based on different parameters. These parameters include data in the message header, message content or even data relating to the message sender. This blog looks into how WSO2 ESB can be used to filter a message based on the IP Address of a client. The below ESB configuration would filter a message and send it to the beackend service only if it arrives from a pre-defined IP address range (192.168.1.*). If the message is recieved from any other IP address the message is dropped. This type of IP based filtering can be applied to secure a backend service from unauthorized access.
<proxy name="IpFilteringProxy"
transports="https http"
startOnLoad="true"
trace="disable">
<description/>
<target>
<inSequence>
<log level="full">
<property name="TO Property" expression="get-property('axis2','REMOTE_ADDR')"/>
</log>
<filter source="get-property('axis2','REMOTE_ADDR')" regex="192\.168\.1.*">
<then>
<send>
<endpoint>
<address uri="http://localhost:9000/services/SimpleStockQuoteService"/>
</endpoint>
</send>
</then>
<else>
<drop/>
</else>
</filter>
</inSequence>
<outSequence>
<send/>
</outSequence>
<faultSequence/>
</target>
</proxy>
<proxy name="IpFilteringProxy"
transports="https http"
startOnLoad="true"
trace="disable">
<description/>
<target>
<inSequence>
<log level="full">
<property name="TO Property" expression="get-property('axis2','REMOTE_ADDR')"/>
</log>
<filter source="get-property('axis2','REMOTE_ADDR')" regex="192\.168\.1.*">
<then>
<send>
<endpoint>
<address uri="http://localhost:9000/services/SimpleStockQuoteService"/>
</endpoint>
</send>
</then>
<else>
<drop/>
</else>
</filter>
</inSequence>
<outSequence>
<send/>
</outSequence>
<faultSequence/>
</target>
</proxy>
No comments:
Post a Comment