Hi Team,
Can anyone please help me with my usecase.
I want to restrict the access to the backend if the apigee proxy is requested from different domain.
For example : If the request comes from https://clientA.com to https://myapigee.apigee.net then only the request should pass to target backend. But if the request comes from any other site to apigee, apigee should throw the error.
But I am not sure how can I implement this.
A request policy that raised a fault if referer was set inappropriately might work for you. I would worry if this is intended as a "security" thing that this is a work-around for a missing api key / oauth implementation though...
Yes, any client can set the referer , therefore it cannot be used as an authenticated data item. It's not to be used for security.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |