I have a worker that’s under the worker.example.co. Within the worker, there’s a fetch request to gql.example.co. DNS for the domain is handled by Cloudflare. The worker is obviously hosted there, but the external endpoint is an A record pointing to an external API (i.e. someapi.fly.dev).
No matter what I do, that request never fires. Not fails; it just never happens. Using the original endpoint for the API (someapi.fly.dev) works just fine. And using that API as gql.example.co works just fine outside the Worker.
The problem is specifically within the Worker; making a request from the same domain endpoint. Is there something I need to do on Cloudflare to make this work or is it simply not possible?
Routing for the Worker: worker.example.co/*
Repo with in question.
Related
I developed an application that uses Azure AD Authentication for a single tenant.
I would like to host it inside AKS, but it seems not to be possible, as described below:
The problem is that the application must be running as https if it is not in localhost, but my pod is running on http protocol (as usual). Even if my aks cluster service is running as Https, the callback uri seems like to be looking for the protocol on the pod where it's running, so it redirects the request to http://mydomain and not https://mydomain, returning the "Correlation Error" or "app id doesnt exists" (because the mapped uri was https://)
The redirect URI can not be mapped to http on Azure App as described here.
I've made it work using a certificate inside my pod on the application build using Kestrel Certificate. But it seems not to be a good solution.
Does anyone knows a more suitable workaround?
As of now there is no other solution available as we have restrictions in redirect URL as per the document you are following.
I have an API that limit 10 calls/second from an IP - Lets call this API-1
I have a webapp that consumes API-1. Lets call this WebApp-1
If I my Web App have more traffic and needs to make more calls per second than allowed, how do I design WebApp-1 call to API-1?
Some ideas of how to approach a rate limited API that come to mind:
Raise the API limits for your client key. Probably not your case but may be an option in some cases.
Create/purchase more client accounts (access keys) to the API to raise the overall rate limit. Split traffic among the keys evenly.
Cache results on the querying side (WebApp in your case). It depends on the application, but if WebApp is a browser-based application caching may not be effective as there's no shared cache between clients.
Introduce caching proxy. WebApp makes requests to the proxy which forwards them to the rate limited API. This will help with maintaining the shared cache. Some options to implement the proxy: Nginx, Varnish, AWS API Gateway, etc.
Introduce a query queue (synchronous). Again if WebApp is a browser application, you may need to put a backend service as a proxy between the WebApp and the API. Proxy would keep a steady flow of requests to the API. If there's a burst in incoming requests it would delay processing to respect API's rate limit (WebApp may have to wait longer to get an answer from the proxy). Not really scalable.
Introduce a query queue (asynchronous). WebApp sends requests to the proxy. Proxy acknowledges the receipt and returns a receipt ID. Then either the proxy makes a callback request to the WebApp when response from the API is ready or WebApp is polling the proxy to know if there's any data for a given receipt ID.
Another (obviously shady) solution is making requests from different machines and IPs. Probably not something API owner wants to see!
I currently have an API setup at
http://public_static_IP:5000/api/parameters (POST requests).
I have bought a domain from NameCheap and hosted in GoDaddy, also added SSL from Cloudflare.
I have created a URL Redirect of a subdomain(http://www.web.domain.com) to http://public_static_IP:5000, which is a webpage and it is working fine.
I did the same with another subdomain(http://www.api.domain.com) to API endpoint which is an only POST request, so when I add all parameters and send a post request to this subdomain it is giving Method not allowed.
This is very important for us as users will always be using this API service and we don't want any downtime(sometimes ISP will be down), if ISP is down we want to temporarily route to some cloud service(AWS or Google Cloud) without asking users to change their base URL always.
Thanks in advance.
I have setup load balancing server with Application request routing on IIS, it's working fine but I am facing issue with https requests, they are being redirect(301) and in post call it's losing the post data.
I have disabled SSL offloading but still the https post requests are failing and taking me to login page due to post data not being forwarded to ARR or something.
Thanks
for now, I have added * binding and that seems to be working, not sure why it doesn't work when I specify the domain name in binding. but it's sorted by problem so good for now, but will be better to know how it will work with domain name in the binding.
I have a WCF service that provides access to some data. Our client has requested that this service be limited such that a given user can only make so many calls within a certain time period. My thinking was to establish a request rate limit and issue a temporary ban to that IP address once it exceeded that limit.
However, there appears to be only one way to get the caller's IP using WCF:
var context = OperationContext.Current;
var props = context.IncomingMessageProperties;
var endpoint = props[RemoteEndpointMessageProperty.Name];
return ((RemoteEndpointMessageProperty)endpoint).Address;
This is not useful to me at all because the RemoteEndpointMessageProperty is set using the Request.UserHostAddress property of the HttpContext under which it is being served. Normally, that'd be fine, except our web services are sitting behind a load balancer which causes Request.UserHostAddress to always show the IP of the load balancer, not the original caller.
I know about using X-Forwarded-For and such, and actually already have that configured on our load balancer, but there doesn't seem to be any way for me to hook into the http request to access the headers short of setting the WCF service to operate in ASP.NET compatibility mode. Is this REALLY my only option?
You can access HTTP headers in the same way. Instead of RemoteEndpointMessageProperty you have to use HttpRequestMessageProperty. This property contains Headers name value collection so you should be able to get any HTTP header from incoming request.
How do you reliably tie up an user with an IP address specially if the user is behind an ISP NAT (or Company NAT), you will only get the ISP's public IP Address. Instead how about identifying your user using an API Key (which many majors such as Google and Twitter are doing) or by other means (such as client certificate) and then track the usage in a persistence store for throttling.
Another option would be to introduce this sort of mechanism of restrictions by IP address at network layer using firewall rules (I am not experienced by assuming it is possible)