We found that it is possible to connect to the local loopback address using the Service Callout in our Private Cloud setup. Here's the Service Callout policy:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ServiceCallout async="false" continueOnError="false" enabled="true" name="SCLoopBackAddress">
    <DisplayName>SCLoopBackAddress</DisplayName>
    <Properties/>
    <Request clearPayload="true" variable="myRequest">
        <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    </Request>
    <Response>calloutResponse</Response>
    <HTTPTargetConnection>
        <Properties/>
        <URL>http://127.0.0.1:8082/</URL>
    </HTTPTargetConnection>
</ServiceCallout>
Could you please let us know of any configuration settings that can be applied to prevent the Service Callout policy from accessing or connecting to the local loopback address?
After investigating for some time, we figured out that the following two properties in the /opt/apigee/edge-message-processor/conf/http.properties file were somehow set to false on the Message Processors:
# prevent the http client from making local connections.
HTTPClient.block.localhost.connections=false
HTTPClient.block.sitelocal.connections=false
Setting these properties to false allows you to make local connections from the API Proxy.
We set these properties back to true and restarted the Message Processors.
# prevent the http client from making local connections.
HTTPClient.block.localhost.connections=true
HTTPClient.block.sitelocal.connections=true
After this change, we were not allowed to make any local calls from the API Proxy. We started getting the following error when we attempted to make calls to the loopback address through the Service Callout policy:
{"fault":{"faultstring":"Execution of ServiceCallout t failed. Reason: Host not reachable","detail":{"errorcode":"steps.servicecallout.ExecutionFailed"}}}