How can we avoid making calls at runtime to RMP localhost endpoints from the Service Callout policy?

We found that it is possible to connect to the local loopback address using the Service Callout in our Private Cloud setup. Here's the Service Callout policy:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ServiceCallout async="false" continueOnError="false" enabled="true" name="SCLoopBackAddress">
    <DisplayName>SCLoopBackAddress</DisplayName>
    <Properties/>
    <Request clearPayload="true" variable="myRequest">
        <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    </Request>
    <Response>calloutResponse</Response>
    <HTTPTargetConnection>
        <Properties/>
        <URL>http://127.0.0.1:8082/</URL>
    </HTTPTargetConnection>
</ServiceCallout>

Could you please let us know of any configuration settings that can be applied to prevent the Service Callout policy from accessing or connecting to the local loopback address?

ACCEPTED SOLUTION

After investigating for some time, we figured out that the following two properties in the /opt/apigee/edge-message-processor/conf/http.properties file were somehow set to false on the Message Processors:

# prevent the http client from making local connections.
HTTPClient.block.localhost.connections=false
HTTPClient.block.sitelocal.connections=false

Setting these properties to false allows you to make local connections from the API Proxy.

We set these properties back to true and restarted the Message Processors.

# prevent the http client from making local connections.
HTTPClient.block.localhost.connections=true
HTTPClient.block.sitelocal.connections=true

After this change, we were not allowed to make any local calls from the API Proxy. We started getting the following error when we attempted to make calls to the loopback address through the Service Callout policy:

{"fault":{"faultstring":"Execution of ServiceCallout t failed. Reason: Host not reachable","detail":{"errorcode":"steps.servicecallout.ExecutionFailed"}}} 

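As an added example (not part of the original posts and not Apigee code), the following review-time check complements the http.properties setting above by flagging Service Callout policies whose HTTPTargetConnection URL names a loopback or site-local host before the proxy is deployed. The function names are hypothetical, "site-local" is assumed to mean the RFC 1918 ranges, and hostnames other than localhost are not resolved.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumption: "site-local" is taken to mean the RFC 1918 private ranges.
SITE_LOCAL = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_host(host):
    """Return 'loopback', 'sitelocal' or None for a URL host."""
    if not host:
        return None
    if host.lower().rstrip(".") == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # other hostnames are not resolved here
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 -> 127.0.0.1
    if ip.is_loopback:
        return "loopback"
    return "sitelocal" if any(ip in net for net in SITE_LOCAL) else None

def audit_policy(xml_text):
    """Return (policy name, URL, kind) for each local HTTPTargetConnection URL."""
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.findall(".//HTTPTargetConnection/URL"):
        url = (el.text or "").strip()
        try:
            host = urlsplit(url).hostname
        except ValueError:
            continue  # malformed URL; nothing to classify
        kind = classify_host(host)
        if kind:
            findings.append((root.get("name"), url, kind))
    return findings

# Constructed sample: the policy from the question, trimmed to the relevant elements.
SAMPLE = """<ServiceCallout name="SCLoopBackAddress">
    <HTTPTargetConnection>
        <URL>http://127.0.0.1:8082/</URL>
    </HTTPTargetConnection>
</ServiceCallout>"""

if __name__ == "__main__":
    print(audit_policy(SAMPLE))
```

URLs built from flow variables or ordinary hostnames pass this check unclassified, so the runtime block on the Message Processors remains the enforcing control.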