Proxies chaining and AccessControl Policy on Apigee X

Hello,

I'm on Apigee X.
I'm trying to create a proxy to send logs from Apigee to an external solution.
I have created a specific proxy which sends logs and I would like to authorize only calls from other proxies.
In my first proxy I added a ServiceCallout with this target:
<LocalTargetConnection>
     <APIProxy>logs-v1</APIProxy>
     <ProxyEndpoint>default</ProxyEndpoint>
</LocalTargetConnection>
In the specific proxy I added a first policy, which is AccessControl:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessControl async="false" continueOnError="false" enabled="true" name="ac.ip-whitelist">
     <DisplayName>ac.ip-whitelist</DisplayName>
     <Properties/>
     <IPRules noRuleMatchAction="ALLOW">
          <MatchRule action="ALLOW">
               <SourceAddress mask="32">127.0.0.1</SourceAddress>
          </MatchRule>
          <MatchRule action="DENY">
               <SourceAddress mask="1">0.0.0.0</SourceAddress>
          </MatchRule>
     </IPRules>
</AccessControl>
On Apigee Edge this is OK, but on Apigee X I receive a 403 error from the specific proxy...
I don't understand why it is OK on Edge and not on X (the 2 proxies are deployed on the same Org and Env).
Do you have any ideas?
Regards

1 ACCEPTED SOLUTION

Hello,

I have a solution after opening a case with Apigee Support:
- Add an AccessControl policy on your flow:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<AccessControl async="false" continueOnError="false" enabled="true" name="ac.ip-whitelist">
     <DisplayName>ac.ip-whitelist</DisplayName>
     <Properties/>
     <IPRules noRuleMatchAction="DENY">
          <MatchRule action="DENY">
               <SourceAddress mask="0">0.0.0.0</SourceAddress>
          </MatchRule>
     </IPRules>
</AccessControl>
- Add a condition to execute this policy:
<Condition>client.local is null or client.local is false</Condition>
 
client.local is a new flow variable which is set to true if the call comes from another proxy on your environment.
 
Regards
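
Added example, not part of the original posts and not Apigee code: a small Python model of how the two IPRules blocks in this thread decide a request. It assumes the first matching MatchRule wins, that mask is a CIDR prefix length, and that a skipped policy lets the request continue; function names and sample addresses are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed copies of the two <IPRules> blocks quoted in the thread.
QUESTION_RULES = """<IPRules noRuleMatchAction="ALLOW">
  <MatchRule action="ALLOW"><SourceAddress mask="32">127.0.0.1</SourceAddress></MatchRule>
  <MatchRule action="DENY"><SourceAddress mask="1">0.0.0.0</SourceAddress></MatchRule>
</IPRules>"""
ANSWER_RULES = """<IPRules noRuleMatchAction="DENY">
  <MatchRule action="DENY"><SourceAddress mask="0">0.0.0.0</SourceAddress></MatchRule>
</IPRules>"""


def evaluate(ip_rules_xml, source_ip):
    """Assumed model: the first MatchRule whose CIDR range contains the IP decides."""
    root = ET.fromstring(ip_rules_xml)
    ip = ipaddress.ip_address(source_ip)
    for rule in root.findall("MatchRule"):
        for src in rule.findall("SourceAddress"):
            cidr = f"{src.text.strip()}/{src.get('mask')}"
            if ip in ipaddress.ip_network(cidr, strict=False):
                return rule.get("action")
    # No rule matched: fall back to the policy-wide default.
    return root.get("noRuleMatchAction")


def step_decision(ip_rules_xml, source_ip, client_local):
    """Apply the Step condition from the answer, then the policy.

    client_local models the client.local flow variable: None (unset), False or True.
    """
    if client_local is None or client_local is False:
        return evaluate(ip_rules_xml, source_ip)
    return "ALLOW"  # condition false: policy skipped, request continues


if __name__ == "__main__":
    # Constructed sample source addresses.
    for ip in ("127.0.0.1", "10.1.2.3", "203.0.113.7"):
        print(ip,
              "| question policy:", evaluate(QUESTION_RULES, ip),
              "| answer, external call:", step_decision(ANSWER_RULES, ip, None),
              "| answer, chained call:", step_decision(ANSWER_RULES, ip, True))
```

Under these assumptions the mask="1" rule in the question covers only 0.0.0.0 to 127.255.255.255, so higher addresses match no rule and fall through to noRuleMatchAction="ALLOW". The policy in the answer denies every address whenever it runs and relies on the condition to skip it for chained calls.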
