--
You received this message because you are subscribed to a topic in the Google Groups "Google Cloud Translation API" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-translate-api/1d7c653b-f632-44c8-bad0-b0f3b46beb59n%40googlegroups.com.
This scenario you mentioned could happen if your firewall is misconfigured to the internet, in which case you could have some security issues. You could follow official tutorials to correctly configure the firewall with a translation API.
The key principle to understand: which IPs can connect to the instance:port being secured by IAP[1]? Connections that don't go through GCLB or TCP API aren't subject to IAP access control.
If the firewall allows connections from any other IPs, those connections are not subject to IAP. This means that if your firewall allows connections from any other IPs, it is possible to have a bypass.
You could restrict peer IPs through a Cloud VPN tunnel[2], reducing the risk of bypassing existing security controls.
For apps hosted on Google Cloud Load Balancing, you can configure the GCE firewall to allow direct access to the backend for certain IPs.
[1] https://cloud.google.com/iap
[2] https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview#vpn-org-policy
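One way to check the principle described above, as an added example that is not part of the original thread: a small audit over firewall rules in the JSON shape returned by `gcloud compute firewall-rules list --format=json`, flagging ingress allow rules that let sources outside the IAP and load balancer ranges reach a protected port. The ranges in `TRUSTED` are the ones Google documents for IAP TCP forwarding and for load balancer proxies and health checks (an assumption to verify against the current docs); the function names and the sample rules are constructed, and rule priority, deny rules and tag-based sources are not evaluated.

```python
import ipaddress

# Assumption: Google-documented source ranges for IAP TCP forwarding
# (35.235.240.0/20) and for GCLB proxies / health checks.
TRUSTED = [ipaddress.ip_network(n) for n in
           ("35.235.240.0/20", "130.211.0.0/22", "35.191.0.0/16")]

def port_matches(spec, port):
    """True if a firewall port spec ('443' or '8000-8100') covers `port`."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def bypass_rules(rules, port, extra_trusted=()):
    """Return (rule name, source range) pairs that admit TCP traffic to `port`
    from outside the trusted ranges, i.e. traffic not subject to IAP."""
    trusted = TRUSTED + [ipaddress.ip_network(n) for n in extra_trusted]
    findings = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        covers = False
        for allow in rule.get("allowed", []):  # deny rules have no "allowed"
            if allow["IPProtocol"] not in ("tcp", "all"):
                continue
            ports = allow.get("ports")  # absent means every port
            if not ports or any(port_matches(p, port) for p in ports):
                covers = True
        if not covers:
            continue
        for src in rule.get("sourceRanges", []):
            net = ipaddress.ip_network(src, strict=False)
            if not any(net.version == t.version and net.subnet_of(t)
                       for t in trusted):
                findings.append((rule["name"], src))
    return findings

# Constructed sample rules (names and ranges are illustrative only).
SAMPLE_RULES = [
    {"name": "allow-iap-ssh", "direction": "INGRESS",
     "sourceRanges": ["35.235.240.0/20"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-lb-web", "direction": "INGRESS",
     "sourceRanges": ["130.211.0.0/22", "35.191.0.0/16"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
    {"name": "allow-office-web", "direction": "INGRESS",
     "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
    {"name": "wide-open-dev", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["8000-8100"]}]},
    {"name": "legacy-any", "direction": "INGRESS", "disabled": True,
     "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]},
]
```

Ranges that are meant to have direct backend access, such as the "certain IPs" case mentioned above, can be passed in `extra_trusted` so that only unintended paths are reported.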