Outbound IPs whitelist in B2B - anypoint-studio

I have an outbound IP range from a partner system (server) whose HTTPS URL we are trying to connect to in order to transfer files, but since no APIs are involved, how do I check if the IPs are whitelisted, or is there any way to whitelist that IP range in Anypoint Studio 7 using Mule 4?
I am not finding a way to do it via Anypoint Studio, as my code is deployed locally and not on any CloudHub or on-premise as of now, as it's just a POC.

It is the other way around. The other side, which exposes the HTTPS service you are connecting to, restricts access to their service by whitelisting some IPs. If your IP, from where you connect to the service, is whitelisted, then you will be able to connect to it. If not, you might not even get an error response. It is up to the side whitelisting, which is usually the server.

Related

Server Configuration for Interactive Broker Client Portal API

I am looking for a guide who has experience with the Interactive Brokers Client Portal API. The Interactive Brokers Client Portal API provides a gateway service.
I have tested this IB Gateway on my local machine, and locally it is working fine.
The gateway is running on https://localhost:5000
I want to put this service on the Windows server and want to access it by server IP.
For example: https://52.xx.xx.12:5000
I also tried the solution from this reference, "Running interactive brokers client portal API in cloud server", but did not have success.
Thanks
You need to set your server IP address in the IB Gateway settings as a trusted IP, and you should open port 5000 in the firewall as well.

Is it possible to send requests to an LDAP server through an HTTP proxy?

We use an HTTP proxy (tinyproxy) on a dedicated machine to be able to reach legacy services from our GKE cluster with a static IP address. I'm aware that this is not the best solution, but the requirements are set by the target environment on which we have no control, and this solution works great for HTTP and SSH requests.
We now have the requirement to connect to an existing LDAP server, and in this case again do so from a static IP address. Is there a way to do this by sending requests to the LDAP server through the HTTP proxy?
LDAP and HTTP are both application layer protocols and thus incompatible. I doubt tinyproxy supports LDAP proxying out of the box, but you could use a separate LDAP proxy.
A quick search reveals a few LDAP proxy products on the market. OpenLDAP, an open source LDAP server, also can be used as a proxy. Some examples of this can be found (1, 2).

openshift ssl edge termination risk

I have been reading the Openshift documentation for secured (SSL) routes.
Since I use a free plan, I can only have an "Edge Termination" route, meaning the SSL is ended when external requests reach the router, with contents being transmitted from the router to the internal service via HTTP.
Is this secure? I mean, part of the information transmission is done via HTTP in the end.
The connection between where the secure connection is terminated and your application which accepts the proxied plain HTTP request is all internal to the OpenShift cluster. It doesn't travel through any public network in the clear. Further, the way the software defined networking in OpenShift works, it is not possible for any other normal user to see that traffic, nor can applications running in other projects see the traffic.
The only people who might be able to see the traffic are administrators of the OpenShift cluster, but the same people could access your application container also. Any administrators of the system could access your application container even if using a pass-through secure connection terminated with your application. So it is the same situation as most managed hosting, where you rely on the administrators of the service to do the right thing.

How do I go about setting up SSL for my API and my Web Client in a Azure Cloud Service?

I have 2 web roles in a cloud service: my API and my Web Client. I'm trying to set up SSL for both. My question is, do I need two SSL certificates? Do I need 2 domain names?
The endpoint for my API is my.ip.add.ress. The endpoint for my web client is my.ip.add.ress:8080.
I'm not sure how to add the DNS entries for this, as there is nowhere for me to input the port number (which I have learned is because it's out of the scope of the DNS system).
What am I not understanding? This seems to be a pretty standard scenario with Azure Cloud Services (it is set up this way in the example project in this tutorial, for instance http://msdn.microsoft.com/en-us/library/dn735914.aspx) but I can't find anywhere that explains explicitly how to handle this scenario.
First, you are right about DNS not handling port numbers. For your case, you can simply use one SSL certificate for both endpoints and make the two endpoints have the same domain name. Based on which port is used by the user request, the request will be routed to the correct endpoint (API vs. Web Client). Like you said, this is a relatively common scenario. There is no need to complicate things.
Let's assume you have one domain www.dm.com pointing to the IP address. To access your Web API, your users need to hit https://www.dm.com, without a port number, which defaults to 443. To access your web client, your users need to hit https://www.dm.com:8080. If you want users to use the default port 443 for both the Web API and the web client, you need to create two cloud services instead of one, then put the Web API on one cloud service and the web client on the other cloud service. Billing-wise, you will be charged the same as one cloud service.
Are there any reasons you want to make 2 different domains and in turn 2 SSL certificates? If so, it is still possible. Based on your requirements, you may have to add extra logic to block requests from the other domain.

How can I limit access control for my apps running on cloudbees? (Limit which IP addresses can access the services via browser or api)

I have deployed my application on cloudbees, and was wondering how I can create a whitelist of allowed IPs which can access the application via browser requests or API requests.
Thanks
This is not possible on the RUN#Cloud shared server pool.
Such IP restriction can be configured on "dedicated" servers, as they provide more configuration options with an isolated setup.
You could write a filter (e.g. a servlet filter) which looks at the X-Forwarded-For header (http://en.wikipedia.org/wiki/X-Forwarded-For) - this is the IP of the client - and filter it that way if you like.
(You have to use that header, as the routing layer will provide it.)
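
One way to write the servlet filter suggested in this answer, as an added example (not code from the original post or from CloudBees). It assumes the routing layer appends the address it saw as the last X-Forwarded-For entry and that the application is reachable only through that layer; the class name and the sample ranges are constructed.

```java
import java.io.IOException;
import java.math.BigInteger;
import java.net.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: 403 for requests whose proxy-reported client IP is outside a CIDR allowlist. */
public class IpAllowlistFilter implements Filter {
    // Constructed sample ranges (RFC 5737 documentation networks); replace with your own.
    static final List<String> ALLOWED = Arrays.asList("203.0.113.0/24", "198.51.100.7/32");
    // Shape check so a header value is never handed to the resolver as a hostname.
    static final String IP_SHAPE = "\\d{1,3}(\\.\\d{1,3}){3}|[0-9a-fA-F:.]*:[0-9a-fA-F:.]*";

    /** Last X-Forwarded-For entry: written by the routing layer; earlier ones are client-supplied. */
    static String clientIp(String xff) {
        String[] hops = xff.split(",", -1);   // limit -1 keeps trailing empties, so length >= 1
        String last = hops[hops.length - 1].trim();
        return last.matches(IP_SHAPE) ? last : null;
    }

    /** True if ip lies inside cidr; an IPv4 address never matches an IPv6 range or vice versa. */
    static boolean inCidr(String ip, String cidr) throws UnknownHostException {
        String[] parts = cidr.split("/");
        byte[] addr = InetAddress.getByName(ip).getAddress();
        byte[] net = InetAddress.getByName(parts[0]).getAddress();
        if (addr.length != net.length) return false;
        int hostBits = addr.length * 8 - Integer.parseInt(parts[1]);
        return new BigInteger(1, addr).shiftRight(hostBits).equals(new BigInteger(1, net).shiftRight(hostBits));
    }

    /** Fails closed: a missing, malformed or unparsable header is treated as not allowed. */
    static boolean isAllowed(String xff) {
        String ip = clientIp(xff);
        try {
            for (String cidr : ALLOWED) if (ip != null && inCidr(ip, cidr)) return true;
        } catch (UnknownHostException e) { /* fall through to deny */ }
        return false;
    }
    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Join repeated header lines so "last entry" means last across all of them.
        Enumeration<String> lines = ((HttpServletRequest) req).getHeaders("X-Forwarded-For");
        String xff = String.join(",", Collections.list(lines));
        if (isAllowed(xff)) chain.doFilter(req, res);
        else ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
    }
}
```

Entries to the left of the last one are whatever the caller sent, so a filter that reads the first entry can be satisfied by a forged header.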