This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

How to restrict access to apigee url with respect to domain

Posted on 04-27-2022 10:07 AM
lipigandhi3196
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi Team,

Can anyone please help me with my usecase.

I want to restrict the access to the backend if the apigee proxy is requested from different domain.

For example : If the request comes from https://clientA.com to https://myapigee.apigee.net then only the request should pass to target backend. But if the request comes from any other site to apigee, apigee should throw the error. 

But I am not sure how can I implement this. 

 

 

 

 

 

 

0 2 203
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
emarcotte
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

A request policy that raised a fault if referer was set inappropriately might work for you. I would worry if this is intended as a "security" thing that this is a work-around for a missing api key / oauth implementation though...

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Yes, any client can set the referer , therefore it cannot be used as an authenticated data item.  It's not to be used for security. 

0 Likes