How to secure connection between different GAEs?

Problem description

For some reason I need to create two GAEs with project A and B:

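  • A (flex env) is a proxy server that is restricted by Endpoints, with access limited by an API key.
  • B (standard env) is the real server that does the actual work. (B cannot use the Endpoints framework.)
  • The client only knows the proxy server address and sends all requests to A.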

Now I would like to secure the connection between A and B. In other words, B is only accessible from A. Is there any way to achieve it? (A firewall does not work here because GAE does not have a static IP range.)

Recommended answer

If you want to determine the identity of the App Engine app that is making a request to your App Engine app, you can use the request header X-Appengine-Inbound-Appid. This header is added to the request by the URLFetch service and is not user modifiable, so it safely indicates the requesting application's ID, if present.

In your application handler, you can check the incoming ID by reading the X-Appengine-Inbound-Appid header and comparing it to a list of IDs allowed to make requests.

Note: The X-Appengine-Inbound-Appid header is only set if the call is made to the appspot.com domain. If the app has a custom domain, this header will not be set.

https://cloud.google.com/appengine/docs/standard/go/appidentity/#asserting_identity_to_other_app_engine_apps

This should work the same for all App Engine standard environments.
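
The check described in the answer, written as a Go handler wrapper for B. This is an added example, not code from the original answer or from Google's documentation; the app ID `project-a`, the function names and the port are assumptions.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
)

// Header described in the answer; it is set by App Engine, not by the caller.
const inboundAppIDHeader = "X-Appengine-Inbound-Appid"

// Placeholder allowlist: "project-a" stands in for proxy A's real app ID.
var allowedCallers = []string{"project-a"}

// inboundAllowed takes every value received for the header and fails closed:
// a missing header (e.g. a call made to a custom domain) or a repeated header
// is rejected, and the single value must match an allowlist entry exactly.
func inboundAllowed(values, allowed []string) bool {
	if len(values) != 1 || values[0] == "" {
		return false
	}
	for _, id := range allowed {
		if values[0] == id {
			return true
		}
	}
	return false
}

// requireInboundApp wraps B's handlers and answers 403 to any other caller.
func requireInboundApp(allowed []string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		values := r.Header.Values(inboundAppIDHeader)
		if !inboundAllowed(values, allowed) {
			// %q keeps attacker-controlled bytes from forging log lines.
			log.Printf("denied %s %q: inbound app id %q", r.Method, r.URL.Path, values)
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	work := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "real work done by B")
	})
	log.Fatal(http.ListenAndServe(":8080", requireInboundApp(allowedCallers, work)))
}
```

The header is only trustworthy when the service runs on App Engine; on any other host a client can send it freely, so this wrapper is not a substitute for authentication elsewhere.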
