Why am I able to call a resource which is not added to a conditional flow in my proxy?


For example, I have api.ex.com, which hosts both resource 1 and resource 2 on my server. I added resource 1 to a conditional flow in my proxy. But when I call resource 1, I am also getting resource 2, which is not added to a conditional flow in the proxy. According to my knowledge, resource 2 cannot be called when it is not in the proxy. Please let me know why this is happening.


@Karthiknayak ,

It's by design. Apigee Edge API Proxy acts like a reverse proxy & forwards all requests to target server. Conditional flows are used to add specific functionality based on Path / some other condition in API Proxy request / response pipeline. It doesn't mean if you add Resource A as conditional flow it restricts all other Resources. It still executes preFlow / postFlow & then hits target server.

If you would like to restrict resources other than the resources defined in a conditional flow, please take a look at this article, which will help you achieve the same within a few minutes.

Keep us posted if you have any queries.

I have followed the link you have given me. I have attached the Raise Fault policy at the proxy endpoint request conditional flow, and the conditional flow is attached at the end. But there is no change, I get a response to all flows.

rasie.png

@Karthiknayak , I see that you haven't removed the condition in flow. Please follow the article step by step.

For your reference, I have attached a sample proxy below which demonstrates same. In my sample proxy attached below,

Let's say I would like to allow only the /json resource through my proxy to the target & restrict all other resources; this is how my proxy looks. Find the proxy below.

restrictunknownresource-rev1-2016-07-01-1.zip

You can use the bundle above in your org to create a new proxy to see how it works,

http://anildevportal-test.apigee.net/myproxy/json - 200 OK - Response

http://anildevportal-test.apigee.net/myproxy/xml - 404 Unknown Resource

If your question is how to restrict direct access to the target and only allow calls through Apigee proxies, then you need to implement last mile security, where only Apigee can talk to your backend target. You can find more about the same here.

Hope it helps. Keep us posted.
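The pattern described in the answer above, written out as an added example (it is not the contents of the attached bundle or part of the original post). The policy name `RF-UnknownResource`, the flow names and the payload are assumptions; the `/myproxy` base path and `/json` resource come from the thread. Flows are evaluated in order and only the first match runs, so the catch-all flow must be last and must have no `<Condition>`.

```xml
<!-- apiproxy/proxies/default.xml (illustrative) -->
<ProxyEndpoint name="default">
  <PreFlow name="PreFlow"><Request/><Response/></PreFlow>
  <Flows>
    <!-- Allowed resource: matches, runs its (empty) steps, then routes to the target -->
    <Flow name="json">
      <Condition>proxy.pathsuffix MatchesPath "/json"</Condition>
      <Request/>
      <Response/>
    </Flow>
    <!-- Catch-all: no Condition element, so it matches every request
         that did not match a flow above. Keep it as the last flow. -->
    <Flow name="unknown-resource">
      <Request>
        <Step><Name>RF-UnknownResource</Name></Step>
      </Request>
      <Response/>
    </Flow>
  </Flows>
  <PostFlow name="PostFlow"><Request/><Response/></PostFlow>
  <HTTPProxyConnection>
    <BasePath>/myproxy</BasePath>
    <VirtualHost>default</VirtualHost>
  </HTTPProxyConnection>
  <RouteRule name="default">
    <TargetEndpoint>default</TargetEndpoint>
  </RouteRule>
</ProxyEndpoint>

<!-- apiproxy/policies/RF-UnknownResource.xml (hypothetical policy name) -->
<RaiseFault name="RF-UnknownResource">
  <FaultResponse>
    <Set>
      <StatusCode>404</StatusCode>
      <ReasonPhrase>Unknown Resource</ReasonPhrase>
      <Payload contentType="application/json">{"error":"unknown resource"}</Payload>
    </Set>
  </FaultResponse>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</RaiseFault>
```

If the catch-all flow carries a condition, or sits above the `/json` flow, requests either slip through to the target or the allowed resource is rejected as well.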

Thank you so much for your valuable answer; it's very helpful to me.

Anytime 🙂 @Karthiknayak , Glad your query is resolved. Keep us posted moving forward if any.
