--- title: Plugin interceptors --- Some plugins will register API to serve their purposes. Since these API are not added as regular [Route](admin-api.md), we can't add plugins to protect them. To solve the problem, we add a new concept called 'interceptors' to run rules to protect them. Here is an example to limit the access of `/apisix/prometheus/metrics` (a route introduced via plugin prometheus) to clients in `10.0.0.0/24`: ```shell $ curl http://127.0.0.1:9080/apisix/admin/plugin_metadata/prometheus -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -i -X PUT -d ' { "interceptors": [ { "name": "ip-restriction", "conf": { "whitelist": ["10.0.0.0/24"] } } ] }' ``` You can see that the interceptors are configured like the plugins. The `name` is the name of plugin which you want to run and the `conf` is the configuration of the plugin. Currently we only support a subset of plugins which can be run as interceptors. Supported interceptors: * [ip-restriction](./plugins/ip-restriction.md)