In this example

In this example, an external API is used to validate an IP address against a blocklist. The external API is Neutrino API, and a free account can be used to test this functionality.

In the example, a request is POSTed to the API. This request includes the following information.

• The user ID (user-id) of the Neutrino API user.
• The API Key (api-key) of the Neutrino API user. Because the Neutrino API requires the administrator’s API key, we will specify this as a Custom authentication token, and reference this API key in the Request Body using a variable.
• The IP address (ip) to check against the blocklist. In this case, use the perflow variable perflow.client.ip.address to check the client’s IP against the blocklist.

As a response, the blocklist check returns a list of information about the IP address specified, as in the following example:

{
    "is-hijacked": false,
    "is-spider": false,
    "is-tor": false,
    "is-dshield": false,
    "is-vpn": false,
    "ip": "*an.ip.address*",
    "is-spyware": false,
    "is-spam-bot": false,
    "blocklists": [],
    "last-seen": 0,
    "is-bot": false,
    "sensors": [],
    "list-count": 0,
    "is-proxy": false,
    "is-malware": false,
    "is-listed": false,
    "is-exploit-bot": false
}

In the example presented, we extract the is-listed response, and if the result is true, the connection is rejected by the per-request policy.