
Identify IP Address calling OData service

0 Kudos

Hi Gurus

I have a need to ensure that an OData service is only called by one IP address.

We use Layer7 as our runtime governance of service calls and the OData service I want to expose contains "confidential" data, so I need to ensure that the call has been made by Layer 7. For me the best way to do this is to identify the IP address of the server calling my service - I am just not sure how one does this.

Regards

Dave Cuff

Accepted Solutions (0)

Answers (1)

kammaje_cis
Active Contributor
0 Kudos

David,

This sounds to me like an infrastructure security requirement. IMO, Gateway is not the right place to implement it; rather, you should rely on network firewalls. When you expose your Gateway system externally, there will be firewalls involved, and they will have the capability to do such things. So I would suggest contacting your infra/network-security teams.

Let us know how it went.

Regards

Krishna

0 Kudos

Hi Krishna

Thank you for your response.

We do already have firewalls in place to protect the SAP system; however, if I expose this OData service I need to ensure that only the one IP address is allowed to consume it. Many other IP addresses will be able to consume other less sensitive OData services. This is why I am looking at being able to identify the calling IP address from within the service itself.

Regards

Dave Cuff

EkanshCapgemini
Active Contributor
0 Kudos

Hi David,

As Krishna suggested, your case can be configured at the firewall level, which is also the best place for this. Suppose you have a service ZSENSITIVE_SRV which you want to restrict and there are other services like ZOTHER1_SRV, ZOTHER2_SRV.

We should be able to set up some rules at the firewall at URL level so that only a particular IP is allowed to access ZSENSITIVE_SRV, while all other services can be less restricted.

Please check with the IT team.

Regards,

Ekansh
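
The URL-level rule described in the last reply, sketched as an added example (not code from this thread or from any SAP or firewall product): a decision function that restricts ZSENSITIVE_SRV to one caller and leaves other services to the looser rules. The base path `/sap/opu/odata/sap/`, the gateway address and the normalisation steps (case folding, `;v=...` segment parameters, dot segments) are assumptions to check against the actual landscape.

```python
import ipaddress
import posixpath
from urllib.parse import unquote

# Assumed values, not taken from the thread.
ODATA_BASE = ["sap", "opu", "odata", "sap"]          # /sap/opu/odata/sap/<SERVICE>/...
RESTRICTED = {
    # service name -> networks allowed to call it (constructed gateway address)
    "ZSENSITIVE_SRV": [ipaddress.ip_network("192.0.2.10/32")],
}


def service_name(raw_path):
    """Return the upper-cased OData service name a request path addresses, or None.

    The path is normalised first so that every spelling the backend would
    treat as the same service is matched by the same rule.
    """
    path = unquote(raw_path.split("?", 1)[0])        # drop query, decode %xx once
    path = posixpath.normpath(path)                  # resolve "." / ".." and "//"
    parts = [p for p in path.split("/") if p]
    if len(parts) <= len(ODATA_BASE):
        return None
    if [p.lower() for p in parts[:len(ODATA_BASE)]] != ODATA_BASE:
        return None
    # Strip segment parameters such as ";v=0002" and compare case-insensitively.
    return parts[len(ODATA_BASE)].split(";", 1)[0].upper()


def is_allowed(raw_path, peer_ip):
    """Allow or deny a request.

    peer_ip must be the address of the TCP peer as seen by the enforcing
    device, not a value copied from a request header such as
    X-Forwarded-For, which the caller controls.
    """
    allowed = RESTRICTED.get(service_name(raw_path))
    if allowed is None:
        return True                                  # not a restricted service
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in allowed)
```

If another proxy sits between the gateway and the enforcing device, the peer address seen there is the proxy's, so the rule has to be applied at the hop that terminates the gateway's connection.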