Hi Team,
We are using OCI load balancer. We have created 2 listeners, one for handling application user traffic and the other for API traffic.
Application traffic is exposed to all (no restriction). We want to restrict the API traffic to specific IPs. For this purpose:
Created a rule set within our load balancer. In the rule set, specified the IP address (ACL) that we want to allow access from. Associated the rule set with the listener that handles API traffic. When we access the API (https://devapi.maavaishnodevi.org/ords/testapi/oauth/token) from Postman, we are getting a 403 Forbidden error. When we remove the rule set from the listener, the API is working.
Things we verified:
We have checked our IP using https://ifconfig.me and https://whatismyipaddress.com and updated it in the access control in the rule set.
For testing purposes, we added 0.0.0.0/0 to the access control rule set and the API starts working.
The issue occurs only when we add some IP to the access control list in the rule set.
Not sure what is happening. Please kindly share your ideas.
Thanks,
Satish
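
An added example, not part of the original post: a local check of whether a candidate client address falls inside the allow-list entries, flagging entries with host bits set and IPv4/IPv6 family mismatches, so that a mistake in the list can be separated from a difference in the source address the listener receives. The function name and all addresses are constructed for illustration (documentation ranges), and the script calls no OCI API and does not model how the load balancer itself evaluates rules.

```python
import ipaddress

def evaluate_acl(allow_entries, client_ip):
    """Return (allowed, notes) for client_ip against allow-list entries.

    Hypothetical helper: plain CIDR containment, not the load balancer's code.
    """
    client = ipaddress.ip_address(client_ip)
    allowed, notes = False, []
    for entry in allow_entries:
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            try:
                # Host bits set (e.g. x.x.x.7/24): report the block it covers.
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                notes.append(f"{entry}: not a valid address or CIDR")
                continue
            notes.append(f"{entry}: host bits set, covers {net}")
        if net.version != client.version:
            notes.append(
                f"{entry}: IPv{net.version} entry cannot match IPv{client.version} client"
            )
            continue
        if client in net:
            allowed = True
    return allowed, notes

if __name__ == "__main__":
    # Constructed sample data: one allow-list entry and three addresses a
    # client might present (lookup-site result, other NAT egress, IPv6).
    acl = ["198.51.100.7/32"]
    for candidate in ["198.51.100.7", "198.51.100.23", "2001:db8::7"]:
        ok, notes = evaluate_acl(acl, candidate)
        print(candidate, "ALLOW" if ok else "DENY (403)", notes)
```

Run it with each address the client could be presenting; the address to trust is the one recorded in the load balancer's own access logs for the rejected request.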