GAE:通过URL提取主机标头识别防火墙中的GAE应用程序
[英]GAE: Identify GAE application in Firewall by URL Fetch Host header
问题描述
I have a server that is behind a firewall (WAF - Web Application Firewall) I'm sending a request to that server from GAE using URL Fetch. 
我有一台位于防火墙(WAF-Web应用程序防火墙)后面的服务器,我正在使用URL Fetch从GAE向该服务器发送请求。 I want to configure the firewall to accept requests only if they are coming from my GAE application. 我想将防火墙配置为仅在请求来自我的GAE应用程序时接受它们。
Any Ideas? 有任何想法吗?
I was thinking about the Host header of GAE but I don't know how it looks like. 我在考虑GAE的Host标头,但我不知道它的外观。 Maybe all requests are coming from the same domain and I can block all requests that are not coming from this domain? 也许所有请求都来自同一个域,我可以阻止所有不是来自该域的请求吗?
1 个解决方案
解决方案1
-1 2015-11-09 17:01:42
You may be able to use the X-Appengine-Inbound-Appid header mentioned in the request headers documentation , which is controlled by GAE infra: 您可以使用请求标头文档中提到的X-Appengine-Inbound-Appid标头,该标头由GAE下文控制:
For security reasons, the following headers cannot be modified by the application:
- Content-Length
- Host
- Vary
- Via
- X-Appengine-Inbound-Appid
- X-Forwarded-For
- X-ProxyUser-IP
I don't know how the value for such header looks like, but you can create a test urlfetch request to a server outside the firewall and find out by inspection of the test request on that server. 我不知道此类标头的值如何,但是您可以向防火墙外部的服务器创建测试urlfetch请求,并通过检查该服务器上的测试请求来查找。
You might want to combine such check with a source domain check against appengine.com or your own custom domain if you use one for added security. 如果您使用一种检查来提高安全性,则可能需要将这种检查与针对appengine.com或您自己的自定义域的源域检查结合使用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.