Identifying requests originating from LocalTargetConnection

I have a proxy that can be consumed by external systems as well as internal proxies utilizing proxy chaining (LocalTargetConnection).

I want to identify all the requests originating through proxy chaining, so I can bypass the authentication mechanism for the internal requests.

Please recommend parameters or mechanisms through which I can identify requests' origin.

I can see that in the case of a LocalTargetConnection call, virtualhost.ip and proxy.client.ip get populated with 127.0.0.1, but is it concrete behavior or the best way to identify them?

Please recommend the best practices, so the solution can be robust to future Apigee upgrades.

Infrastructure - Apigee Cloud

Thanks in advance!!!

2 ACCEPTED SOLUTIONS

proxy.client.ip is a good way to do it.

Like Dino wrote, proxy.client.ip is basically XFF. Because you are using 'chaining', it goes via 'localhost' of the RMP directly, so you see 127.0.0.1, as Apigee works against itself, basically. I can suggest you pass an internal header (a custom one) from the original proxy before you use the chaining and catch it later.

See here:

https://docs.apigee.com/api-platform/fundamentals/connecting-proxies-other-proxies#chainedproxiesapi...

 

"If your second proxy must be secured against direct client requests, consider adding logic to have your second proxy examine the IP address of the client. In the case of a call made via chaining, the IP address will be local."
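
A sketch of the checks discussed in this thread, added here as an example and not taken from the posts or from Apigee's documentation: the second proxy enforces authentication only when `proxy.client.ip` is not `127.0.0.1`, and strips the custom header on those requests so an outside caller cannot supply it. The policy names, the header name `X-Internal-Chain` and the use of a policy called `VA-VerifyApiKey` as the authentication step are assumptions.

```xml
<!-- Constructed example; policy names and X-Internal-Chain are hypothetical. -->

<!-- Calling proxy, TargetEndpoint request flow: tag the chained call. -->
<AssignMessage name="AM-SetInternalHeader">
  <Set>
    <Headers>
      <Header name="X-Internal-Chain">true</Header>
    </Headers>
  </Set>
  <AssignTo createNew="false" type="request"/>
</AssignMessage>

<!-- Second proxy: drop the header when the request did not arrive over chaining. -->
<AssignMessage name="AM-StripInternalHeader">
  <Remove>
    <Headers>
      <Header name="X-Internal-Chain"/>
    </Headers>
  </Remove>
  <AssignTo createNew="false" type="request"/>
</AssignMessage>

<!-- Second proxy, ProxyEndpoint PreFlow. -->
<PreFlow name="PreFlow">
  <Request>
    <Step>
      <Name>AM-StripInternalHeader</Name>
      <Condition>proxy.client.ip != "127.0.0.1"</Condition>
    </Step>
    <Step>
      <!-- Stand-in for whatever authentication policy the proxy uses. -->
      <Name>VA-VerifyApiKey</Name>
      <Condition>proxy.client.ip != "127.0.0.1"</Condition>
    </Step>
  </Request>
  <Response/>
</PreFlow>
```

Later flow conditions in the second proxy can test `request.header.X-Internal-Chain = "true"` to tell chained calls apart for logging or routing.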
