Updated Date: 04/30/2026
In this example
In this example, an external API is used to validate an IP address against a blocklist. The external API is Neutrino API, and a free account can be used to test this functionality.
In the example, a request is POSTed to the API. This request includes the following information.
- The user ID (user-id) of the Neutrino API user.
- The API Key (api-key) of the Neutrino API user. Because the Neutrino API requires the administrator’s API key, we will specify this as a Custom authentication token, and reference this API key in the Request Body using a variable.
- The IP address (ip) to check against the blocklist. In this case, use the perflow variable perflow.client.ip.address to check the client’s IP against the blocklist.
As a response, the blocklist check returns a list of information about the IP address specified, as in the following example:
{
"is-hijacked": false,
"is-spider": false,
"is-tor": false,
"is-dshield": false,
"is-vpn": false,
"ip": "*an.ip.address*",
"is-spyware": false,
"is-spam-bot": false,
"blocklists": [],
"last-seen": 0,
"is-bot": false,
"sensors": [],
"list-count": 0,
"is-proxy": false,
"is-malware": false,
"is-listed": false,
"is-exploit-bot": false
}In the example presented, we extract the is-listed response, and if the result is true, the connection is rejected by the per-request policy.