Instead of denying requests based on request properties like headers or paths, you may need to restrict access based on the request’s source IP address. By defining allow lists (permitting only specific IP ranges) or deny lists (blocking unwanted IPs), you can: 🛡 Enhance security by blocking malicious IPs or untrusted networks.
🚀 Limit access to internal or private resources.
⚡ Prevent API abuse by restricting access to known users or organizations.

🔍 What are the Benefits of Restricting IPs?

IP-based restrictions provide a simple yet effective security mechanism that doesn’t require authentication tokens or additional request validation. Key Benefits:
  • Block Malicious or Unauthorized Traffic: Stop unwanted requests before they reach your backend.
  • Restrict Access to Internal Users: Ensure only approved teams or offices can reach private APIs.
  • Reduce Attack Surface: Prevent access from high-risk geographies or known malicious networks.
  • Enforce Compliance Policies: Meet regulatory requirements by restricting access to specific locations.
  • Lightweight and Efficient: No need for complex authentication mechanisms—filter requests at the network edge.

IP Restriction Examples

The following examples restrict access to specific IP addresses using the restrict-ips action. Check out the IP restriction policy action page for more details about how it functions and the parameters it accepts. 
apiVersion: ngrok.k8s.ngrok.com/v1alpha1
kind: AgentEndpoint
metadata:
name: example-agent-endpoint
spec:
url: https://example-hostname.ngrok.io
upstream:
  url: http://my-service.my-namespace:8080
trafficPolicy:
  inline:
    on_tcp_connect:
      - actions:
          - type: restrict-ips
            config:
              enforce: true
              allow:
                - 1.1.1.1/32
              deny:
                - e680:5791:be4c:5739:d959:7b94:6d54:d4b4/128