Endpoints and api key ip address restriction


ton...@gmail.com

Mar 16, 2017, 12:24:56 AM
to Google Cloud Endpoints
I have an Endpoint API set up with an App Engine flexible backend.
I'm adding an API key restriction, which is working fine if there is no restriction for the API key.
I'm trying to add an IP address restriction with my client's public IP address. But when I call the API with the API key, I get an "IP address blocked" message.
How do I set up the IP address restriction? What is the correct IP address to put in the list to allow it to pass through?

Thanks,
Tong

Sepehr Ebrahimzadeh

Mar 16, 2017, 1:03:36 PM
to Google Cloud Endpoints, ton...@gmail.com
Hi Tong,
We are investigating this and can confirm that there's a bug in the way that the Endpoints Server Proxy identifies client IP addresses.
This leads to the API Key feature's IP address restrictions not working properly in some environments like AppEngine Flex. 
We are working to fix this ASAP.

Thank you for reporting the problem! We will update the thread as soon as the issue is fixed and rolled out to production.

Regards,
Sep
Cloud Endpoints team

Tong Du

Mar 16, 2017, 2:13:06 PM
to Sepehr Ebrahimzadeh, Google Cloud Endpoints
Hi Sep,

Yes, my test code always gets the IP address '172.18.0.3', which might be the internal IP address of the proxy.
I hope it can be addressed soon.
Thanks,
Tong

Tong Du

Mar 16, 2017, 6:01:28 PM
to Sepehr Ebrahimzadeh, Google Cloud Endpoints
Hi Sep,

A related question: are the HTTP referrers (web sites) also having an issue due to the same bug?
I'm trying this domain restriction and did the following test:
  1. One service has a web page, rendered server-side in Python by calling an API to get some database record. It is hosted at https://<service id>-dot-<project id>.appspot.com/test
  2. The API being called is hosted in another service, wrapped with Endpoints, with the HTTP referrer set as "*<project id>.appspot.com/*"
  3. But I got the error message "Referer blocked."
Thanks,
Tong

ca...@novoda.com

Mar 27, 2017, 8:41:57 AM
to Google Cloud Endpoints, sep...@google.com, ton...@gmail.com
I see similar issues where the IP that is defined is blocked by the endpoint.

ca...@novoda.com

Mar 27, 2017, 10:47:19 AM
to Google Cloud Endpoints
If I enable just 1 IP, it works. More than one and it fails.

--
Regards, Carl-Gustaf Harroch | CTO @ Novoda.com

Sepehr Ebrahimzadeh

Mar 27, 2017, 12:59:33 PM
to Google Cloud Endpoints, ca...@novoda.com
Yes, this is the same bug and we are actively working on fixing it in ESP.

Thanks,
Sep

pmaz...@quantumscape.com

Jun 22, 2017, 4:14:31 PM
to Google Cloud Endpoints, ca...@novoda.com

I am also receiving the error "IP address blocked" on my AppEngine Flexible instance despite whitelisting my public IP address.  Is this issue still active?

Dan Ciruli

Jun 27, 2017, 2:31:28 PM
to Google Cloud Endpoints, ca...@novoda.com, pmaz...@quantumscape.com
We are investigating this now and will report back here.

pmaz...@quantumscape.com

Jul 13, 2017, 5:27:29 PM
to Google Cloud Endpoints, ca...@novoda.com
Any updates on this issue? 

Dan Ciruli

Jul 21, 2017, 2:35:16 PM
to Google Cloud Endpoints, ca...@novoda.com, pmaz...@quantumscape.com
I've asked engineering for an update and will post the update here.

Paul Mazzuca

Jul 28, 2017, 6:41:42 PM
to Google Cloud Endpoints, ca...@novoda.com, pmaz...@quantumscape.com
Just wanted to also add that this also does not work in GKE with Google Endpoints. In the previous post, I only said that it affected AppEngine Flexible.

jama...@paradigmadigital.com

Dec 20, 2017, 10:04:26 AM
to Google Cloud Endpoints
Any update?

Dan Ciruli

Dec 20, 2017, 6:03:22 PM
to Google Cloud Endpoints
Yes!

In GCE and GKE, ESP uses the X-Forwarded-For header, with the "--xff_trusted_proxy_list" option, to get the real IP address.
And in a Flex environment, X-User-IP is used.
Both are in production. https://github.com/cloudendpoints/endpoints-tools/pull/17 is a pull request which was merged.



On Wednesday, December 20, 2017 at 7:04:26 AM UTC-8, ja--...@paradigmadigital.com wrote:
Any update?
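
The trusted-proxy resolution described in the reply above, as an added Python example; it is not part of the original thread and is not ESP's code. It shows the common right-to-left X-Forwarded-For walk and why an untrusted proxy address produces "IP address blocked". The function names and the treatment of the proxy list as IPs or CIDRs are assumptions.

```python
import ipaddress

def resolve_client_ip(peer_ip, xff_header, trusted_proxies):
    """Pick the address that IP restrictions should be checked against.

    Hypothetical helper, not ESP code. trusted_proxies plays the role of
    the --xff_trusted_proxy_list value (assumed here to be IPs or CIDRs).
    """
    trusted = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    def is_trusted(addr):
        return any(addr in net for net in trusted)

    current = ipaddress.ip_address(peer_ip)
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    # Walk right to left: each entry was appended by the hop to its right,
    # so it is only believable while that hop is a trusted proxy.
    for hop in reversed(hops):
        if not is_trusted(current):
            break
        try:
            current = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could parse
    return str(current)

def ip_allowed(client_ip, allowed):
    """True if client_ip falls inside any allowed IP or CIDR."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(a, strict=False) for a in allowed)

# Constructed sample values (documentation ranges), except 172.18.0.3,
# which is the proxy-side address reported earlier in this thread.
ALLOWED = ["203.0.113.7"]
PROXY_NETS = ["172.18.0.0/16"]

def demo():
    return {
        # No trusted proxies: the proxy address is checked, caller is blocked.
        "untrusted_proxy": ip_allowed(
            resolve_client_ip("172.18.0.3", "203.0.113.7", []), ALLOWED),
        # Proxy trusted: the forwarded caller address is checked.
        "trusted_proxy": ip_allowed(
            resolve_client_ip("172.18.0.3", "203.0.113.7", PROXY_NETS), ALLOWED),
        # Caller-supplied leading entry is ignored; the entry the trusted
        # proxy appended (198.51.100.9) is the one evaluated.
        "forged_entry": resolve_client_ip(
            "172.18.0.3", "203.0.113.7, 198.51.100.9", PROXY_NETS),
    }
```

Keeping the trusted list limited to the proxies actually in front of the service matters: any address on it is believed when it reports a forwarded client IP.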

aam044

Feb 9, 2018, 3:42:11 PM
to Google Cloud Endpoints
Dan - is it possible that this issue is back?
I just deployed flex appengine - and as soon as I set a limit on the API key to IPs - nothing works and the error is

{
 "code": 7,
 "message": "IP address blocked.",
 "details": [
  {
   "@type": "type.googleapis.com/google.rpc.DebugInfo",
   "stackEntries": [],
   "detail": "service_control"
  }
 ]
}

Dan Ciruli

Feb 12, 2018, 10:32:15 AM
to aam...@motorola.com, Google Cloud Endpoints
I've got someone in engineering looking into this now.

DC



fabio.c...@gmail.com

Mar 19, 2018, 6:55:14 AM
to Google Cloud Endpoints
Having the same problem. 
Flex, IP range restriction, and getting 

{
 "code": 7,
 "message": "IP address blocked.",
 "details": [
  {
   "@type": "type.googleapis.com/google.rpc.DebugInfo",
   "stackEntries": [],
   "detail": "service_control"
  }
 ]
}


My client is not impressed...
Is there any update please? 

Thanks

F
