Access Rules
Access rules in Arxignis provide granular control over who can access your applications and under what conditions. These rules help you implement security policies, geographic restrictions, and network-based access controls.
Overview
Access rules allow you to:
- Block or allow specific IP addresses or ranges
- Implement geographic restrictions by country
- Control access by ASN (Autonomous System Number)
- Create rule lists for different access policies
- Resolve geographic and ASN rules to IP ranges
API Endpoints
Get Access Rule
Retrieve a specific access rule by ID.
GET /v1/access-rules/{id}?resolve=true
Parameters:
- id (path, required): Access rule ID (UUID)
- resolve (query, optional): Resolve country codes and ASNs to IP ranges (default: false)
Rule Categories
Allow Rules
Rules that explicitly allow access:
{
  "allow": {
    "country": ["US", "CA", "GB"],
    "asn": ["AS32934", "AS15169"],
    "ips": ["192.168.1.0/24", "10.0.0.1"]
  }
}
Block Rules
Rules that explicitly block access:
{
  "block": {
    "country": ["CN", "RU", "KP"],
    "asn": ["AS4134", "AS4837"],
    "ips": ["192.168.100.0/24", "10.1.0.0/16"]
  }
}
Response Formats
Basic Format (resolve=false)
{
  "success": true,
  "data": {
    "id": "dcfb642a-1daa-4c3a-ae1d-708379217e15",
    "name": "admin",
    "description": "Administrator access",
    "allow": {
      "country": ["US", "CA"],
      "asn": ["AS32934"],
      "ips": ["192.168.1.0/24"]
    },
    "block": {
      "country": ["CN"],
      "asn": ["AS4134"],
      "ips": ["10.0.0.0/8"]
    },
    "is_active": true,
    "created_at": "2024-01-01T00:00:00Z",
    "updated_at": "2024-01-01T00:00:00Z"
  }
}
Resolved Format (resolve=true)
When resolve=true, country codes and ASNs are resolved to actual IP ranges:
{
  "success": true,
  "data": {
    "id": "dcfb642a-1daa-4c3a-ae1d-708379217e15",
    "name": "admin",
    "description": "Administrator access",
    "allow": {
      "country": [
        {
          "US": ["1.0.0.0/8", "2.0.0.0/8", "3.0.0.0/8"]
        },
        {
          "CA": ["24.0.0.0/8", "25.0.0.0/8"]
        }
      ],
      "asn": [
        {
          "AS32934": ["8.8.8.0/24", "8.8.4.0/24"]
        }
      ],
      "ips": ["192.168.1.0/24"]
    },
    "block": {
      "country": [
        {
          "CN": ["1.0.1.0/24", "1.0.2.0/23"]
        }
      ],
      "asn": [
        {
          "AS4134": ["202.96.0.0/12"]
        }
      ],
      "ips": ["10.0.0.0/8"]
    },
    "is_active": true,
    "created_at": "2024-01-01T00:00:00Z",
    "updated_at": "2024-01-01T00:00:00Z"
  }
}
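This page does not state which side takes precedence when an allow range and a block range cover the same address, so a resolved rule is worth auditing for overlaps before it is relied on. The following is an added example, not Arxignis code: it flattens a resolve=true response and lists every allow/block overlap. The function names and the embedded sample (a constructed, trimmed copy of the response above) are assumptions of this example.

```python
import ipaddress
import json

# Constructed sample: trimmed copy of the resolve=true response shown above.
SAMPLE = json.loads("""
{"success": true, "data": {
  "id": "dcfb642a-1daa-4c3a-ae1d-708379217e15",
  "allow": {
    "country": [{"US": ["1.0.0.0/8", "2.0.0.0/8", "3.0.0.0/8"]},
                {"CA": ["24.0.0.0/8", "25.0.0.0/8"]}],
    "asn": [{"AS32934": ["8.8.8.0/24", "8.8.4.0/24"]}],
    "ips": ["192.168.1.0/24"]},
  "block": {
    "country": [{"CN": ["1.0.1.0/24", "1.0.2.0/23"]}],
    "asn": [{"AS4134": ["202.96.0.0/12"]}],
    "ips": ["10.0.0.0/8"]}}}
""")


def flatten(section):
    """Yield (source_label, network) for every range in an allow/block section."""
    for kind in ("country", "asn"):
        for entry in section.get(kind, []):
            if isinstance(entry, str):  # basic format: bare "US" / "AS4134"
                raise ValueError(f"unresolved {kind} entry {entry!r}; use resolve=true")
            for key, cidrs in entry.items():
                for cidr in cidrs:
                    # strict=False tolerates host bits set in a CIDR string
                    yield f"{kind}:{key}", ipaddress.ip_network(cidr, strict=False)
    for cidr in section.get("ips", []):  # a single address becomes a /32 or /128
        yield "ips", ipaddress.ip_network(cidr, strict=False)


def find_conflicts(response):
    """Return (allow_source, allow_net, block_source, block_net) per overlap."""
    if not response.get("success"):
        raise ValueError(response.get("error", "request failed"))
    data = response["data"]
    allow = list(flatten(data.get("allow", {})))
    block = list(flatten(data.get("block", {})))
    return [(a_src, str(a_net), b_src, str(b_net))
            for a_src, a_net in allow
            for b_src, b_net in block
            if a_net.version == b_net.version and a_net.overlaps(b_net)]


if __name__ == "__main__":
    for conflict in find_conflicts(SAMPLE):
        print(conflict)
```

On the sample data this reports that the allowed US range 1.0.0.0/8 contains both blocked CN ranges, which is the kind of ambiguity to resolve in the rule itself.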
Rule Types
Country-based Rules
Control access based on geographic location using ISO country codes:
- US - United States
- CA - Canada
- GB - United Kingdom
- CN - China
- RU - Russia
ASN-based Rules
Control access based on Autonomous System Numbers:
- AS32934 - Google LLC
- AS15169 - Google LLC
- AS4134 - China Telecom
- AS4837 - China Unicom
IP-based Rules
Control access based on specific IP addresses or CIDR ranges:
- 192.168.1.0/24 - Private network range
- 10.0.0.0/8 - Private network range
- 203.0.113.0/24 - Documentation range
Error Responses
400 Bad Request
{
  "success": false,
  "error": "Invalid ID format",
  "details": {
    "id": "invalid-uuid"
  }
}
404 Not Found
{
  "success": false,
  "error": "Access rules not found",
  "details": {
    "id": "dcfb642a-1daa-4c3a-ae1d-708379217e15"
  }
}
500 Internal Server Error
{
  "success": false,
  "error": "Failed to retrieve access rules",
  "details": {
    "id": "dcfb642a-1daa-4c3a-ae1d-708379217e15"
  }
}
Best Practices
- Use resolve=true sparingly - Resolved data is expensive to compute
- Cache responses - Access rules don't change frequently
- Test with small datasets - Resolved format can return large IP ranges
- Monitor cache performance - Check cache hit rates in response headers
- Handle missing rules - Always check for 404 responses when rules don't exist