IP Whitelisting

HI Team,

I am trying to enable IP Whitelisting. As per the link Allowing IPs, I added the configuration to tyk.conf and restarted the server, but it's not working.

I added below in tyk.conf:
"enable_ip_whitelisting": true,
"allowed_ips": ["10.10.31.38"],

Ideally I must be able to connect to the Tyk API only from the 10.10.31.38 server, but I am able to access it from other IPs as well.

Please suggest if I have missed anything.

Hi @saloni512, it’s not working because you added it to the tyk.conf file instead of your API definition file. As per our docs, the enable_ip_whitelisting and allowed_ips properties are part of the API definition spec.

I tried adding the below to the API definition, but the result is still the same (I am able to access from other IPs):

"enable_ip_whitelisting": true,
"allowed_ips": ["18.142.155.240"],

Do we need to restart tyk server?

I have done below :
Reload API
restart tyk

Please suggest If I configured wrongly.

Yes, you need to Hot Reload the gateway for the changes to take effect.

If you are still having issues, then check the source IP of the request using httpbin.org

I already did reload of api and even restart of tyk using systemctl.

"If you are still having issues then check the source IP of the request using httpbin.org" – I didn't understand this.

Can you help to fix the issue?

https://httpbin.org/ip will return the public-facing IP address of the source. So the whitelisting should work as long as you pass in the IP address returned by the /ip endpoint.

If you try to access the gateway from any other IP, the result should be

{
    "error": "access from this IP has been disallowed"
}

To help resolve the issue, can you share your API definition?

Below is my API definition, so curl should work only from the whitelisted IP ("allowed_ips": ["18.142.155.240"]):

{
“name”: “cloudgatewayhttpbasicauth”,
“slug”: “cloudgatewayhttpbasicauth”,
“listen_port”: 0,
“protocol”: “”,
“enable_proxy_protocol”: false,
“api_id”: “cloudgatewayhttpbasicauth”,
“org_id”: “5”,
“use_keyless”: false,
“use_oauth2”: false,
“use_openid”: false,
“openid_options”: {
“providers”: null,
“segregate_by_client”: false
},
“oauth_meta”: {
“allowed_access_types”: null,
“allowed_authorize_types”: null,
“auth_login_redirect”: “”
},
“auth”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“auth_configs”: null,
“use_basic_auth”: true,
“basic_auth”: {
“disable_caching”: false,
“cache_ttl”: 0,
“extract_from_body”: false,
“body_user_regexp”: “”,
“body_password_regexp”: “”
},
“use_mutual_tls_auth”: false,
“client_certificates”: null,
“upstream_certificates”: null,
“pinned_public_keys”: null,
“enable_jwt”: false,
“use_standard_auth”: false,
“use_go_plugin_auth”: false,
“enable_coprocess_auth”: false,
“jwt_signing_method”: “”,
“jwt_source”: “”,
“jwt_identity_base_field”: “”,
“jwt_client_base_field”: “”,
“jwt_policy_field_name”: “”,
“jwt_default_policies”: null,
“jwt_issued_at_validation_skew”: 0,
“jwt_expires_at_validation_skew”: 0,
“jwt_not_before_validation_skew”: 0,
“jwt_skip_kid”: false,
“jwt_scope_to_policy_mapping”: null,
“jwt_scope_claim_name”: “”,
“notifications”: {
“shared_secret”: “”,
“oauth_on_keychange_url”: “”
},
“enable_signature_checking”: false,
“hmac_allowed_clock_skew”: 0,
“hmac_allowed_algorithms”: null,
“request_signing”: {
“is_enabled”: false,
“secret”: “”,
“key_id”: “”,
“algorithm”: “”,
“header_list”: null,
“certificate_id”: “”,
“signature_header”: “”
},
“base_identity_provided_by”: “”,
“definition”: {
“location”: “header”,
“key”: “x-api-version”,
“strip_path”: false
},
“version_data”: {
“not_versioned”: true,
“default_version”: “”,
“versions”: {
“Default”: {
“name”: “Default”,
“expires”: “”,
“paths”: {
“ignored”: null,
“white_list”: null,
“black_list”: null
},
“use_extended_paths”: true,
“extended_paths”: {},
“global_headers”: null,
“global_headers_remove”: null,
“global_response_headers”: null,
“global_response_headers_remove”: null,
“ignore_endpoint_case”: false,
“global_size_limit”: 0,
“override_target”: “”
}
}
},
“uptime_tests”: {
“check_list”: null,
“config”: {
“expire_utime_after”: 0,
“service_discovery”: {
“use_discovery_service”: false,
“query_endpoint”: “”,
“use_nested_query”: false,
“parent_data_path”: “”,
“data_path”: “”,
“port_data_path”: “”,
“target_path”: “”,
“use_target_list”: false,
“cache_timeout”: 0,
“endpoint_returns_list”: false
},
“recheck_wait”: 0
}
},
“proxy”: {
“preserve_host_header”: false,
“listen_path”: “/CloudGateway/rest/”,
“target_url”: “https://ip-10-10-31-38.ap-southeast-1.compute.internal:8443”,
“disable_strip_slash”: false,
“strip_listen_path”: false,
“enable_load_balancing”: false,
“target_list”: null,
“check_host_against_uptime_tests”: false,
“service_discovery”: {
“use_discovery_service”: false,
“query_endpoint”: “”,
“use_nested_query”: false,
“parent_data_path”: “”,
“data_path”: “”,
“port_data_path”: “”,
“target_path”: “”,
“use_target_list”: false,
“cache_timeout”: 0,
“endpoint_returns_list”: false
},
“transport”: {
“ssl_insecure_skip_verify”: false,
“ssl_ciphers”: null,
“ssl_min_version”: 0,
“ssl_max_version”: 0,
“ssl_force_common_name_check”: false,
“proxy_url”: “”
}
},
“disable_rate_limit”: false,
“disable_quota”: false,
“custom_middleware”: {
“pre”: null,
“post”: null,
“post_key_auth”: null,
“auth_check”: {
“name”: “”,
“path”: “”,
“require_session”: false,
“raw_body_only”: false
},
“response”: null,
“driver”: “”,
“id_extractor”: {
“extract_from”: “”,
“extract_with”: “”,
“extractor_config”: null
}
},
“custom_middleware_bundle”: “”,
“cache_options”: {
“cache_timeout”: 0,
“enable_cache”: false,
“cache_all_safe_requests”: false,
“cache_response_codes”: null,
“enable_upstream_cache_control”: false,
“cache_control_ttl_header”: “”,
“cache_by_headers”: null
},
“session_lifetime”: 0,
“active”: true,
“internal”: false,
“auth_provider”: {
“name”: “”,
“storage_engine”: “”,
“meta”: null
},
“session_provider”: {
“name”: “”,
“storage_engine”: “”,
“meta”: null
},
“event_handlers”: {
“events”: null
},
“enable_batch_request_support”: false,
“enable_ip_whitelisting”: true,
“allowed_ips”: [“18.142.155.240”],
“enable_ip_blacklisting”: false,
“blacklisted_ips”: null,
“dont_set_quota_on_create”: false,
“expire_analytics_after”: 0,
“response_processors”: null,
“CORS”: {
“enable”: false,
“allowed_origins”: null,
“allowed_methods”: null,
“allowed_headers”: null,
“exposed_headers”: null,
“allow_credentials”: false,
“max_age”: 0,
“options_passthrough”: false,
“debug”: false
},
“domain”: “”,
“certificates”: null,
“do_not_track”: false,
“tags”: null,
“enable_context_vars”: false,
“config_data”: null,
“tag_headers”: null,
“global_rate_limit”: {
“rate”: 0,
“per”: 0
},
“strip_auth_data”: false,
“enable_detailed_recording”: false,
“graphql”: {
“enabled”: false,
“execution_mode”: “”,
“version”: “”,
“schema”: “”,
“type_field_configurations”: null,
“playground”: {
“enabled”: false,
“path”: “”
},
“engine”: {
“field_configs”: null,
“data_sources”: null
}
}
}

Hi @saloni512, I am afraid I could not reproduce the issue. Your API definition is fine. The only thing I can think of is that the machines or sources are sharing the same public IP address.

Can you visit this endpoint https://httpbin.org/ip and verify that the IP address is not the same for multiple machines?

Below is the output from my local:

{
“origin”: “119.74.213.58, 165.225.112.107”
}

which is different from the one I whitelisted. But I am still able to curl from my local machine.

Please suggest further.

Could you confirm the version of your Tyk gateway?

Also in addition to the gateway version, could you add the API def properties below and share the verbose result of the curl. You can append the -v at the end of the curl request.

Global headers

"global_headers": {
	"X-Real-IP": "$tyk_context.headers_X-Real-IP",
	"X-Tyk-Real-IP": "$tyk_context.remote_addr",
	"X-Tyk-X-Forwarded-For": "$tyk_context.headers_X_Forwarded_For"
}

And Enable Context Vars

{ 
...
"enable_context_vars": true,
...
}

Below is the output:

C:\Users\Administrator> curl -v http://ec2-18-142-155-240.ap-southeast-1.compute.amazonaws.com:8080/CloudGateway/rest/ -u “cibadmin:admin”

GET /CloudGateway/rest/ HTTP/1.1
Host: ec2-18-142-155-240.ap-southeast-1.compute.amazonaws.com:8080
Authorization: Basic Y2liYWRtaW46YWRtaW4=
User-Agent: curl/7.55.1
Accept: */*

< HTTP/1.1 200 OK
< Content-Length: 0
< Date: Mon, 01 Nov 2021 04:47:39 GMT
< X-Ratelimit-Limit: 0
< X-Ratelimit-Remaining: 0
< X-Ratelimit-Reset: 0
<

C:\Users\Administrator>

API Definition:

[root@ip-10-10-31-38 apps]# vi cloudgatewayhttpbasicauth.json
[root@ip-10-10-31-38 apps]# cat cloudgatewayhttpbasicauth.json
{
“name”: “cloudgatewayhttpbasicauth”,
“slug”: “cloudgatewayhttpbasicauth”,
“listen_port”: 0,
“protocol”: “”,
“enable_proxy_protocol”: false,
“api_id”: “cloudgatewayhttpbasicauth”,
“org_id”: “5”,
“use_keyless”: false,
“use_oauth2”: false,
“use_openid”: false,
“openid_options”: {
“providers”: null,
“segregate_by_client”: false
},
“oauth_meta”: {
“allowed_access_types”: null,
“allowed_authorize_types”: null,
“auth_login_redirect”: “”
},
“auth”: {
“use_param”: false,
“param_name”: “”,
“use_cookie”: false,
“cookie_name”: “”,
“auth_header_name”: “”,
“use_certificate”: false,
“validate_signature”: false,
“signature”: {
“algorithm”: “”,
“header”: “”,
“secret”: “”,
“allowed_clock_skew”: 0,
“error_code”: 0,
“error_message”: “”
}
},
“auth_configs”: null,
“use_basic_auth”: true,
“basic_auth”: {
“disable_caching”: false,
“cache_ttl”: 0,
“extract_from_body”: false,
“body_user_regexp”: “”,
“body_password_regexp”: “”
},
“use_mutual_tls_auth”: false,
“client_certificates”: null,
“upstream_certificates”: null,
“pinned_public_keys”: null,
“enable_jwt”: false,
“use_standard_auth”: false,
“use_go_plugin_auth”: false,
“enable_coprocess_auth”: false,
“jwt_signing_method”: “”,
“jwt_source”: “”,
“jwt_identity_base_field”: “”,
“jwt_client_base_field”: “”,
“jwt_policy_field_name”: “”,
“jwt_default_policies”: null,
“jwt_issued_at_validation_skew”: 0,
“jwt_expires_at_validation_skew”: 0,
“jwt_not_before_validation_skew”: 0,
“jwt_skip_kid”: false,
“jwt_scope_to_policy_mapping”: null,
“jwt_scope_claim_name”: “”,
“notifications”: {
“shared_secret”: “”,
“oauth_on_keychange_url”: “”
},
“enable_signature_checking”: false,
“hmac_allowed_clock_skew”: 0,
“hmac_allowed_algorithms”: null,
“request_signing”: {
“is_enabled”: false,
“secret”: “”,
“key_id”: “”,
“algorithm”: “”,
“header_list”: null,
“certificate_id”: “”,
“signature_header”: “”
},
“base_identity_provided_by”: “”,
“definition”: {
“location”: “header”,
“key”: “x-api-version”,
“strip_path”: false
},
“version_data”: {
“not_versioned”: true,
“default_version”: “”,
“versions”: {
“Default”: {
“name”: “Default”,
“expires”: “”,
“paths”: {
“ignored”: null,
“white_list”: null,
“black_list”: null
},
“use_extended_paths”: true,
“extended_paths”: {},
“global_headers”: {
“X-Real-IP”: “$tyk_context.headers_X-Real-IP”,
“X-Tyk-Real-IP”: “$tyk_context.remote_addr”,
“X-Tyk-X-Forwarded-For”: “$tyk_context.headers_X_Forwarded_For”
},
“global_headers_remove”: null,
“global_response_headers”: null,
“global_response_headers_remove”: null,
“ignore_endpoint_case”: false,
“global_size_limit”: 0,
“override_target”: “”
}
}
},
“uptime_tests”: {
“check_list”: null,
“config”: {
“expire_utime_after”: 0,
“service_discovery”: {
“use_discovery_service”: false,
“query_endpoint”: “”,
“use_nested_query”: false,
“parent_data_path”: “”,
“data_path”: “”,
“port_data_path”: “”,
“target_path”: “”,
“use_target_list”: false,
“cache_timeout”: 0,
“endpoint_returns_list”: false
},
“recheck_wait”: 0
}
},
“proxy”: {
“preserve_host_header”: false,
“listen_path”: “/CloudGateway/rest/”,
“target_url”: “https://ip-10-10-31-38.ap-southeast-1.compute.internal:8443”,
“disable_strip_slash”: false,
“strip_listen_path”: false,
“enable_load_balancing”: false,
“target_list”: null,
“check_host_against_uptime_tests”: false,
“service_discovery”: {
“use_discovery_service”: false,
“query_endpoint”: “”,
“use_nested_query”: false,
“parent_data_path”: “”,
“data_path”: “”,
“port_data_path”: “”,
“target_path”: “”,
“use_target_list”: false,
“cache_timeout”: 0,
“endpoint_returns_list”: false
},
“transport”: {
“ssl_insecure_skip_verify”: false,
“ssl_ciphers”: null,
“ssl_min_version”: 0,
“ssl_max_version”: 0,
“ssl_force_common_name_check”: false,
“proxy_url”: “”
}
},
“disable_rate_limit”: false,
“disable_quota”: false,
“custom_middleware”: {
“pre”: null,
“post”: null,
“post_key_auth”: null,
“auth_check”: {
“name”: “”,
“path”: “”,
“require_session”: false,
“raw_body_only”: false
},
“response”: null,
“driver”: “”,
“id_extractor”: {
“extract_from”: “”,
“extract_with”: “”,
“extractor_config”: null
}
},
“custom_middleware_bundle”: “”,
“cache_options”: {
“cache_timeout”: 0,
“enable_cache”: false,
“cache_all_safe_requests”: false,
“cache_response_codes”: null,
“enable_upstream_cache_control”: false,
“cache_control_ttl_header”: “”,
“cache_by_headers”: null
},
“session_lifetime”: 0,
“active”: true,
“internal”: false,
“auth_provider”: {
“name”: “”,
“storage_engine”: “”,
“meta”: null
},
“session_provider”: {
“name”: “”,
“storage_engine”: “”,
“meta”: null
},
“event_handlers”: {
“events”: null
},
“enable_batch_request_support”: false,
“enable_ip_whitelisting”: true,
“allowed_ips”: [“18.142.155.240”],
“enable_ip_blacklisting”: false,
“blacklisted_ips”: null,
“dont_set_quota_on_create”: false,
“expire_analytics_after”: 0,
“response_processors”: null,
“CORS”: {
“enable”: false,
“allowed_origins”: null,
“allowed_methods”: null,
“allowed_headers”: null,
“exposed_headers”: null,
“allow_credentials”: false,
“max_age”: 0,
“options_passthrough”: false,
“debug”: false
},
“domain”: “”,
“certificates”: null,
“do_not_track”: false,
“tags”: null,
“enable_context_vars”: true,
“config_data”: null,
“tag_headers”: null,
“global_rate_limit”: {
“rate”: 0,
“per”: 0
},
“strip_auth_data”: false,
“enable_detailed_recording”: false,
“graphql”: {
“enabled”: false,
“execution_mode”: “”,
“version”: “”,
“schema”: “”,
“type_field_configurations”: null,
“playground”: {
“enabled”: false,
“path”: “”
},
“engine”: {
“field_configs”: null,
“data_sources”: null
}
}
}
[root@ip-10-10-31-38 apps]# cloudgatewayhttpbasicauth.json

Hi,

This issue may be related to headers added by the surrounding network appliances for the incoming connection, which can affect how the source IP is determined within the gateway.

I’ve uploaded a simple API Definition here which uses httpbin.org as an upstream, this includes adding headers to display IP information related to your connection.

Can you please import this API into your gateway and call the API using curl, the output would be helpful to diagnose your issue.

If you wish to obfuscate any of the IP addresses, please change the numbers to a single character (so 123.123.123.123 becomes x.x.x.x); this will keep the structure of the fields the same so we can try to figure out what's happening.

Thanks!

Best Regards,
Chris

I need to add IP whitelisting configuration right?

No, we’re trying to examine the data which is submitted to the gateway via HTTP headers and is used when whitelisting examines the source IP. For the purposes of diagnosis, the API I uploaded does not need whitelisting enabled.

Best Regards,
Chris

HI,

The api definition, you shared is working fine:

curl http://ec2-18-142-155-240.ap-southeast-1.compute.amazonaws.com:8080/httpbin/
{
“error”: “access from this IP has been disallowed”
}

I am not able to access it from another IP. Can you please suggest what is missing in the API definition which I created?

That isn’t what I expected. There was no whitelist or blacklist specified in the API, and it was not intended for you to add a whitelist configuration to it; I wanted to see the results of the call to the API as-is.

To give you some background, the whitelist IP function calculates the source IP using a few methods, trying one after another (the calculated value is held in the request context variable and reused if needed):

  • The value of the X-Real-IP header
  • The first value in the list of IPs included in the X-Forwarded-For header
  • The address of the peer device connecting to the Gateway

You can even review this functionality, as RealIP() can be seen in GitHub as part of the gateway project.

Since the first two attempts are derived from incoming HTTP headers, the API I offered exposes the relevant headers so their values can be examined. Because those two values are taken from request headers, they are only as reliable as whatever sets them: unless a proxy you control overwrites them before the request reaches the gateway, the whitelist check may be evaluating a value that is not the real peer address. I don’t believe you are using IP Whitelisting incorrectly, so examining the data that feeds into the IP Whitelisting check is the next step. If you call the API I uploaded without adding any Whitelisting or Blacklisting, it adds the headers to the request and the httpbin response will include this information, so it can be determined whether the value supplied is what is causing the Whitelist IP functionality to act abnormally for you.

Best Regards,
Chris

Ooh Ok, Actually I enabled IP whitelisting explicitly. So it was working.

Now I have removed the IP whitelisting and deployed the API again; below is the output of curl with -v:

[root@ip-10-10-31-38 apps]# curl -v http://ec2-18-142-155-240.ap-southeast-1.compute.amazonaws.com:8080/httpbin/

GET /httpbin/ HTTP/1.1
User-Agent: curl/7.29.0
Host: ec2-18-142-155-240.ap-southeast-1.compute.amazonaws.com:8080
Accept: */*

< HTTP/1.1 200 OK
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: *
< Content-Length: 9593
< Content-Type: text/html; charset=utf-8
< Date: Tue, 02 Nov 2021 13:18:42 GMT
< Server: gunicorn/19.9.0
< X-Ratelimit-Limit: 0
< X-Ratelimit-Remaining: 0
< X-Ratelimit-Reset: 0
<

httpbin.org html { box-sizing: border-box; overflow: -moz-scrollbars-vertical; overflow-y: scroll; }
    *,
    *:before,
    *:after {
        box-sizing: inherit;
    }

    body {
        margin: 0;
        background: #fafafa;
    }
</style>
        <symbol viewBox="0 0 20 20" id="locked">
            <path d="M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8zM12 8H8V5.199C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8z"
            />
        </symbol>

        <symbol viewBox="0 0 20 20" id="close">
            <path d="M14.348 14.849c-.469.469-1.229.469-1.697 0L10 11.819l-2.651 3.029c-.469.469-1.229.469-1.697 0-.469-.469-.469-1.229 0-1.697l2.758-3.15-2.759-3.152c-.469-.469-.469-1.228 0-1.697.469-.469 1.228-.469 1.697 0L10 8.183l2.651-3.031c.469-.469 1.228-.469 1.697 0 .469.469.469 1.229 0 1.697l-2.758 3.152 2.758 3.15c.469.469.469 1.229 0 1.698z"
            />
        </symbol>

        <symbol viewBox="0 0 20 20" id="large-arrow">
            <path d="M13.25 10L6.109 2.58c-.268-.27-.268-.707 0-.979.268-.27.701-.27.969 0l7.83 7.908c.268.271.268.709 0 .979l-7.83 7.908c-.268.271-.701.27-.969 0-.268-.269-.268-.707 0-.979L13.25 10z"
            />
        </symbol>

        <symbol viewBox="0 0 20 20" id="large-arrow-down">
            <path d="M17.418 6.109c.272-.268.709-.268.979 0s.271.701 0 .969l-7.908 7.83c-.27.268-.707.268-.979 0l-7.908-7.83c-.27-.268-.27-.701 0-.969.271-.268.709-.268.979 0L10 13.25l7.418-7.141z"
            />
        </symbol>


        <symbol viewBox="0 0 24 24" id="jump-to">
            <path d="M19 7v4H5.83l3.58-3.59L8 6l-6 6 6 6 1.41-1.41L5.83 13H21V7z" />
        </symbol>

        <symbol viewBox="0 0 24 24" id="expand">
            <path d="M10 18h4v-2h-4v2zM3 6v2h18V6H3zm3 7h12v-2H6v2z" />
        </symbol>

    </defs>
</svg>


<div id="swagger-ui">
    <div data-reactroot="" class="swagger-ui">
        <div>
            <div class="information-container wrapper">
                <section class="block col-12">
                    <div class="info">
                        <hgroup class="main">
                            <h2 class="title">httpbin.org
                                <small>
                                    <pre class="version">0.9.2</pre>
                                </small>
                            </h2>
                            <pre class="base-url">[ Base URL: httpbin.org/ ]</pre>
                        </hgroup>
                        <div class="description">
                            <div class="markdown">
                                <p>A simple HTTP Request &amp; Response Service.
                                    <br>
                                    <br>
                                    <b>Run locally: </b>
                                    <code>$ docker run -p 80:80 kennethreitz/httpbin</code>
                                </p>
                            </div>
                        </div>
                        <div>
                            <div>
                                <a href="https://kennethreitz.org" target="_blank">the developer - Website</a>
                            </div>
                            <a href="mailto:[email protected]">Send email to the developer</a>
                        </div>
                    </div>
                    <!-- ADDS THE LOADER SPINNER -->
                    <div class="loading-container">
                        <div class="loading"></div>
                    </div>

                </section>
            </div>
        </div>
    </div>
</div>


<div class='swagger-ui'>
    <div class="wrapper">
        <section class="clear">
            <span style="float: right;">
                [Powered by
                <a target="_blank" href="https://github.com/rochacbruno/flasgger">Flasgger</a>]
                <br>
            </span>
        </section>
    </div>
</div>



<script src="/flasgger_static/swagger-ui-bundle.js"> </script>
<script src="/flasgger_static/swagger-ui-standalone-preset.js"> </script>
<script src='/flasgger_static/lib/jquery.min.js' type='text/javascript'></script>
<script>

    window.onload = function () {


        fetch("/spec.json")
            .then(function (response) {
                response.json()
                    .then(function (json) {
                        var current_protocol = window.location.protocol.slice(0, -1);
                        if (json.schemes[0] != current_protocol) {
                            // Switches scheme to the current in use
                            var other_protocol = json.schemes[0];
                            json.schemes[0] = current_protocol;
                            json.schemes[1] = other_protocol;

                        }
                        json.host = window.location.host;  // sets the current host

                        const ui = SwaggerUIBundle({
                            spec: json,
                            validatorUrl: null,
                            dom_id: '#swagger-ui',
                            deepLinking: true,
                            jsonEditor: true,
                            docExpansion: "none",
                            apisSorter: "alpha",
                            //operationsSorter: "alpha",
                            presets: [
                                SwaggerUIBundle.presets.apis,
                                // yay ES6 modules ↘
                                Array.isArray(SwaggerUIStandalonePreset) ? SwaggerUIStandalonePreset : SwaggerUIStandalonePreset.default
                            ],
                            plugins: [
                                SwaggerUIBundle.plugins.DownloadUrl
                            ],

        // layout: "StandaloneLayout"  // uncomment to enable the green top header
    })

    window.ui = ui

    // uncomment to rename the top brand if layout is enabled
    // $(".topbar-wrapper .link span").replaceWith("<span>httpbin</span>");
    })
})

}




            <h2>Other Utilities</h2>

            <ul>
                <li>
                    <a href="/forms/post">HTML form</a> that posts to /post /forms/post</li>
            </ul>

            <br />
            <br />
        </div>
    </section>
</div>

Please suggest further.