webMethods API Gateway Q&A - IP Address Range for whitelisting does not work for large ranges

Product/components used and version/fix level:

Version: 10.3 and Above
Operating System: Red Hat Enterprise Linux

Detailed explanation of the problem:

It does not work when a broad IP address range is added to the application identifiers to verify the IP address for whitelisting. The IP address range from to allows the application to call the API successfully when an API request with the IP address “” is received, but the range from to does not.

The IP address is within both IP address ranges, so why is the second scenario not working?

This is to be expected since the IP address range for the second scenario combines invalid private and public IP address combinations. Please visit Difference between Private and Public IP addresses - GeeksforGeeks for more details about private addresses and public addresses.

Users can set multiple IP address ranges to whitelist both private and public IP addresses rather than setting a single, expansive IP address range.

1 Like

Every infrastructure setup differs but you might consider not doing IP whitelisting at the API Gateway and instead do so before traffic even reaches the gateway. IMO, IP filtering at the network level rather than at the “application” (API GW) level offers a number of advantages.

API GW can certainly do IP filtering but likely preferable to do so there only as a last resort.