Google发布/订阅的IP范围是什么? [英] What is the IP range(s) of Google pub/sub?
问题描述
我有一个Google发布/订阅订阅,可将主题消息推送到AppEngine标准服务端点.
我想将对AppEngine标准服务的访问限制为用户IP,并且仍然允许来自Google Pub/sub的消息.
在AppEngine防火墙中,唯一的选择是允许某些IP范围.
Google发布/订阅的IP范围是什么?
我注意到来自Pub/Sub推送订阅的所有IP请求都来自2002:axx:xxxx::
.根据IETF RFC 3056 ,2002:::
是6to4
范围.然后,将2002:axx:xxxx::
转换为10.XXX.XXX.XXX
,这是Google在这种情况下为内部联网保留的范围.
注意:除发布/订阅"以外的其他服务可能会(在某些时候)使用范围2002:a00::/24
,10.XXX.XXX.XXX
.例如 App Engine Flexible .如果在此特定项目中无法描述来自Flexible的请求,则将其屏蔽并赋予其更高的优先级.
最后,您的防火墙条目:
10 Allow 2002:a00::/24 Pub/Sub
default Deny * The default action.
此外,在Google的问题跟踪器中为此创建了一个问题. >
I have a Google pub/sub subscription that pushes messages for a topic to an AppEngine standard service endpoint.
I want to restrict access to the AppEngine standard service to user IPs and still allow for messages coming from Google Pub/sub.
In the AppEngine firewall, the only option is to allow certain IP ranges.
What is the IP range(s) of Google pub/sub?
I've noticed that all the IP requests from Pub/Sub push subscriptions are coming from 2002:axx:xxxx::
. As per IETF RFC 3056, 2002:::
is an 6to4
range. 2002:axx:xxxx::
, then, is translated to 10.XXX.XXX.XXX
, which is an range reserved for the internal networking in this case used by Google.
Note: that other services apart from Pub/Sub might [at some point] use range 2002:a00::/24
, 10.XXX.XXX.XXX
. For example App Engine Flexible. If requests from Flexible are not describable in this particular project then you will have block it and give it a higher priority.
In the end your Firewall entries:
10 Allow 2002:a00::/24 Pub/Sub
default Deny * The default action.
Also, there is an issue created about it in Google's issue-tracker.
这篇关于Google发布/订阅的IP范围是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!