I have a Mule application. It consists of a flow like the one below:
<flow name="article_list">
<http:inbound-endpoint address="http://localhost:8000/jcore/article/list" />
<component class="com.joshlabs.jcore.article.ArticleList" />
</flow>
Now, as can be seen, it runs on "localhost".
But everybody is able to access it through my local IP (only if we are on the same network). I don't want anybody to use these services. How can I prevent this?
Different options:
Use a firewall (the easiest),
Protect the HTTP endpoint with Mule/Spring security,
If your machine has several IPs, bind the endpoint to an IP that isn't reachable from other machines.
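The binding option from the answer above, as an added example that is not part of the original posts: it shows that a listener bound to the loopback address does not answer on another local address while a wildcard bind does, and the same probe can check a real port such as 8000. The function names and the use of 127.0.0.2 as a stand-in for a second interface address (valid on Linux) are assumptions.

```python
import socket
from contextlib import closing

def listen_on(bind_addr, port=0):
    """Stand-in for the service: TCP listener on bind_addr (port 0 = pick a free one)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, port))
    srv.listen(5)
    return srv, srv.getsockname()[1]

def reachable(addr, port, timeout=1.0):
    """True if a TCP connection to addr:port completes."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        return s.connect_ex((addr, port)) == 0

def exposure(port, addrs):
    """Map each local address to whether the port answers on it."""
    return {a: reachable(a, port) for a in addrs}

def local_ipv4_addresses():
    """127.0.0.1 plus whatever the hostname resolves to (can miss interfaces)."""
    addrs = {"127.0.0.1"}
    try:
        addrs.update(socket.gethostbyname_ex(socket.gethostname())[2])
    except OSError:
        pass
    return sorted(addrs)

def demo(other_addr="127.0.0.2"):
    """Compare a loopback-only bind with a wildcard bind.
    other_addr stands in for a second interface address; on Linux all of
    127.0.0.0/8 is local, so 127.0.0.2 works without a real network."""
    results = {}
    for bind_addr in ("127.0.0.1", "0.0.0.0"):
        srv, port = listen_on(bind_addr)
        try:
            results[bind_addr] = exposure(port, ["127.0.0.1", other_addr])
        finally:
            srv.close()
    return results

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # check a real service, e.g. port 8000
        port = int(sys.argv[1])
        for addr, is_open in exposure(port, local_ipv4_addresses()).items():
            print(f"{addr}:{port} -> {'OPEN' if is_open else 'closed'}")
    else:
        print(demo())
```

Run with a port number on the machine hosting the service to see which local addresses actually answer, whatever the endpoint configuration says.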
Can anyone tell me what kind of service fits the use case below:
I want to expose a public IP that receives HTTPS/HTTP requests and forwards the traffic to the services I have on-prem.
Looking at Azure, AWS, etc., is there a service that solves my problem?
Regards...
If you are using Azure and you want HTTPS-based requests to be sent to your backend APIs (which can be on-prem or on any cloud), you can check out Azure API Management (APIM).
You can use the APIM with or without VNET.
APIM can be used in External Mode if you want to integrate a VNET to perform data plane operations, which will expose a Public IP as well as a Gateway URL which can be used to send HTTPS traffic.
Reference:
https://learn.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet?tabs=stv2
https://learn.microsoft.com/en-us/azure/api-management/api-management-key-concepts#scenarios
Additionally, you can also check out Application Gateway.
Reference:
https://learn.microsoft.com/en-us/azure/architecture/example-scenario/gateway/firewall-application-gateway
Basically, my problem is that I want to do the following things:
Develop a web service on a workspace
Now give a demo of that web service's usage from my AWS workspace by a public IP like
http://172.23.0.1:8090
I want an IP for my workplace by which I can access a web app or web service hosted locally on that machine from anywhere on the internet.
Is that possible? If not, then tell me an alternative.
Below are the steps that you should follow:
Select Assign Public IP while creating the new instance
In the assigned Security Group settings, open the port 8090 for 0.0.0.0 (means accessible for all) along with the protocol you will be using (TCP, UDP, etc)
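Added example, not part of the answer above: a check over a security group's ingress rules, in the JSON shape that `aws ec2 describe-security-groups` returns, that lists every rule open to 0.0.0.0/0 or ::/0, such as the port 8090 rule described. The sample group, its `sg-EXAMPLE` id and the `expected_public_ports` parameter are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8090, "ToPort": 8090,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1",
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

def world_open_rules(group, expected_public_ports=frozenset()):
    """Return (protocol, from_port, to_port, cidr) for every ingress rule that
    admits the whole internet on a port not listed as intentionally public."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        # "-1" means all protocols and ports; such rules carry no port keys.
        lo = perm.get("FromPort", 0)
        hi = perm.get("ToPort", 65535)
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                continue  # limited to a specific source range
            if proto != "-1" and lo == hi and lo in expected_public_ports:
                continue  # deliberately public single port
            findings.append((proto, lo, hi, cidr))
    return findings

if __name__ == "__main__":
    for proto, lo, hi, cidr in world_open_rules(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupId']}: {proto} {lo}-{hi} open to {cidr}")
```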
Application is not coming up on ELB but is coming up fine when tried on EC2 instance locally.
I have created a new AMI with tomcat 7.0.70 installed and deployed my stack. But then ELB did not register instances on HTTPS:443 (using self signed cert using openssl). When changed healthcheck to TCP:443, the instances got registered over ELB (inService) but issue remains.
When tried to curl over load balancer url, it throws connection timed out. I have redirection set in tomcat's server.xml to redirect all http connections coming to EC2 instance to https as below:
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="yyy" keystorePass="xxx" clientAuth="false" sslProtocol="TLS" />
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
No other configuration changes have been done and these settings have been working fine for all my old AMIs with tomcat 7.0.68. Nothing relevant is coming up in ELB Access logs.
Has anyone faced this issue before?
Appreciate any help on this!
I followed the official guide to set up a cluster (Clustering AS 5.3.0)
(https://docs.wso2.com/display/CLUSTER420/Setting+up+a+Cluster).
But eventually, I could not reach the management page with https://localhost:9443/carbon, and the browser redirects to https://localhost/carbon/admin/login.jsp, but I get "ERR_CONNECTION_REFUSED".
[PRODUCT_HOME]/repository/conf/carbon.xml
<HostName>PCSKY01347</HostName>
<MgtHostName>PCSKY01347</MgtHostName>
[PRODUCT_HOME]/repository/conf/tomcat/catalina-server.xml
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="9763"
proxyPort="80"
...
/>
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="9443"
proxyPort="443"
...
/>
NOTE:
I do not set up the load balancer.
While the server is starting, I'm not getting any error message, and the member joined message is displayed in the console.
'proxyPort' needs to be added in catalina-server.xml only if the server is fronted by a load balancer.
In this case, it is not required.
Therefore removing 'proxyPorts' should allow you to access the management console.
Is there a 'quick and dirty' way of funnelling calls to a web service via a certain IP address? Possibly in code (C#)?
I'm working on this Azure website (PaaS, no VM) that's got its own domain secured by SSL.
e.g. myapp.azurewebsites.net -> https://myapp.com
The system is using a 3rd party web service that uses whitelisted IPs for access control. Unfortunately they are not happy whitelisting the standard Azure egress IPs.
So what I need to do is find a way to call that web service via our own IP address (the one that came with the domain name package).
If possible, only that traffic, not all outgoing.
I've come across several solutions but I'd rather not compromise the stability of the production website by experimenting with App Service Environment.
I think the scenario being asked about is outbound calls from an app running on Azure App Service (aka Azure Websites), to an external endpoint.
In that scenario, the outbound calls from the web app are NAT'd using a pool of IP addresses allocated for the App Service scale unit that is running your app.
Using the "preview" portal (portal.azure.com), drill into the website blade for your app and click through "All settings" --> "Properties". In the properties blade that appears, there is a textbox called "OUTBOUND IP ADDRESSES". Those are the values you need to give to the third party provider to whitelist.