Apigee local IP address for chained proxies

anuprai · 12-03-2020 02:53 AM

We are calling one proxy from another proxy in Apigee Edge using LocalTargetConnection.

API Proxy1 --> API Proxy2 with ACL --> Target

In the second proxy we have added ACL policy to allow only local connections i.e. to allow request only from Proxy1.

How can we get the Apigee local IPs which can added in ACL policy?

We are using Apigee SaaS. We have followed Proxy chaining from here.

Thanks.

agrawalneeraj43

Try 127.0.0.1

Report Inappropriate Content

You can hit the api from the other api and in second api trace do check the x forwarded for header and you will find the source of the api.

You can also do some configuration in the proxy level which is validated in the other proxy.

anuprai

Yes I can see the IP in x forwarded header in Trace but since we are working on Apigee SaaS so will that IP will always remain same or will it change.

If it is changing then from where we can get all the IPs which can be added.

dknezic

It should be 127.0.0.1

In addition to access control, you could try remove the virtual host from http proxy connection so your proxy is still deployed to the required environment but wont be accessible externally.

While this seems to work, the documentation does currently have virtual host defined as required.

Report Inappropriate Content

If you are using proxy chaining, then it will be very clear that the request will come from another proxy of same environment. But if you want to specify that from a particular proxy then I would suggest to use a particular header with ip which will be whitelisted in the second proxy and also I will suggest to have a value like api key or something related to security from the encrypted kvm which will get validated in the second api.