I have a proxy that can be consumed by external systems as well as internal proxies utilizing proxy chaining (LocalTargetConnection).
I want to identify all the requests originating through proxy chaining, so I can bypass the authentication mechanism for the internal requests.
Please recommend parameters or mechanisms through which I can identify requests' origin.
I can see that in the case of LocalTargetConnection call virtualhost.ip and proxy.client.ip get populated with 127.0.0.1 , but is it a concrete behavior or best way to identify.
Please recommend the best practices, so the solution can be robust to future Apigee upgrades.
Infrastucture - Apigee Cloud
Thanks in Advance !!!
Solved! Go to Solution.
proxy.client.ip is a good way to do it.
like Dino wrote, proxy.client.ip is basicaly XFF. because you using 'chaining' -> it goes via 'localhost' of the RMP directly, so you see the 127.0.0.1, as Apigee works against it self, basically. I can suggest you to pass internal header (custom one) from original proxy before you using the chaining and catch it later.
see here:
"If your second proxy must be secured against direct client requests, consider adding logic to have your second proxy examine the IP address of the client. In the case of a call made via chaining, the IP address will be local."
proxy.client.ip is a good way to do it.
like Dino wrote, proxy.client.ip is basicaly XFF. because you using 'chaining' -> it goes via 'localhost' of the RMP directly, so you see the 127.0.0.1, as Apigee works against it self, basically. I can suggest you to pass internal header (custom one) from original proxy before you using the chaining and catch it later.
see here:
"If your second proxy must be secured against direct client requests, consider adding logic to have your second proxy examine the IP address of the client. In the case of a call made via chaining, the IP address will be local."