I'm currently trying to create a website that gets data from the Clash Royale game API (https://developer.clashroyale.com) but they ask my to give an IP address for my API authorization key.
The problem is that my website is hosted on Heroku, and Heroku has several (always changing and more than 10) IP's and I can only give 4 IP addresses on Clash Royale API.
When I give my person IP address and run my code the API is fetched without any problems, but when I push my code to Heroku and open my website, I get this error message:
Invalid authorization: API key does not allow access from IP xx.xxx.xxx.xxx
Is there any way to get a single IP address from Heroku so I can use always the same for my API authorization key?
I found the answer after hours of digging into the interweb :)
I simply used a thing called "Proximo" that apparently converges all of your websites possible IP's to one; see https://devcenter.heroku.com/articles/proximo
Related
I'm using Google YouTube Data API v3 on a PHP based website and it works fine if there is no access restriction. APIs are called only from the server and not from client side.
However, if I setup a IP based restriction then all requests are blocked. It seems, that I set a wrong IP. I have already double checked the IP on my server and with ping as well and it is correct.
Any idea, what can be the problem?
I am using URL Shortener API to shorten our mobile app download link. (https://www.googleapis.com/)
We have some restrictions on our server such that we don't allow unrecognized IP access.
So I would like to know what would be the IP range that googles use when the URL is shortened using this API (https://www.googleapis.com/).
This will help us to configure our security settings to allow access to these IP's
google-apis-explorer
When you say "using the URL Shortener API", are you referring to making calls to this API from your server (as in outbound traffic is IP restricted) or using the short URL to reach your server (as in inbound traffic is IP restricted)? I'll go ahead and answer both possibilities, but please clarify if these weren't what you meant.
If you're trying to allow calls to this API from your server with outbound traffic IP restricted
The URL shortener API can be called through any of Google's IP addresses. There's no way to get a list of these because they will vary by location, load balancing, etc. Plus, you wouldn't want to attempt to restrict by IP this way because whitelisting even one of Google's IP addresses would allow calls from your server to all of Google's services. This likely includes any service hosted on Google Cloud, which could be a proxy, meaning literally anything in the world could be called this way; you'd be entirely eliminating IP restrictions on your server.
If you're trying to shorten your server's URLs using this API and your server has inbound traffic IP restricted
You shouldn't need to do anything. These URLs are just domain redirects. In the end, the user ends up visiting your website (server) using its actual long URL (there's no proxying), so just whitelist the allows users' IPs and it should work.
I'm developing a web application using Laravel hosting on a public cloud. Now, the application can be accessed publicly on the internet via domain address. However, I want to restrict to only users who are connecting to the organization networks to be able to use the application since we do not want the application to be used at home or elsewhere.
At the moment, the organization has 2 places (2 public internet networks) where they must be able to access to the application. Both of them are using home-standard internet where IP address changes every time the internet reconnects. As we do not have static IP addresses, I cannot filter user by using IP address filter. The IP filter rule must be changed every time when the organization network reconnected.
My application already have solid authentication and authorization mechanism and, of course, the users must know this information since they must access the app for work. However, this doesn't meet the requirement.
I have thought about the VPN but it (probably) doesn't not work because if we allow user the access to the VPN, they still be able to access the VPN anywhere and use the application outside the work places. If we restrict the VPN client to access from specific IP address, then when the IP changes, the same problem occurs.
To sum up, I would like to ask for the advice on how to restrict the access of web application, hosted on public internet, to the users that are connecting from the public IP address that can change every time when the internet reconnected. The requirement may sound strange but it is as it is. Please feel free to ask for more details if you want to and have a discussions on the suggestions.
Thank you in advance.
You could setup a client for a dynamic dns service (e.g. dyndns) on the client-side.
Then you could use that on the server-side to always check against current IP using that dns.
As alternative you could bind the website to localhost only and only let it be accessed via an pubkey-enforced SSH tunnel (and make that get auto-established by a script/scheduler on the client side, on a permission level outside of the users' reach, so that they can't take the private key needed for the connection anywhere)
You can use different PHP methods and variables to detect from where the request has been originated. Just whitelist your domains and organizations, and allow only them by adding a middleware.
Additionally, you can generate a token using Laravel Passport or you can create your own mechanism, and then use that token to authenticate if the request is valid or not.
Since the IP changes, you can setup a dynamic dns or as suggested on the comment above.
Hi I am having my own domain mydomain.ac.in and i am having my own server (windows 2008) and a Public static IP.
Now i want to host my site in my own server.
Please give me the step by step information to get it done.
Thanks.
You need to register your domain with some DNS hosting service (DNS provider), there is such an astronomic number of these on the web that I do not want to spam the site. Google.
Also, collocation center where you keep this server (and from where you have probably obtained that public IP) may also provide DNS services.
From the other side, any computer can be configured as the name server but this will probably not work Internet wide and can be used inside the local network only (combined with DHCP service). If there is an easy way to make this Internet wide, I would also be very interested in, but I doubt.
Your operating system is not much relevant to this question.
I registered my domain already in ernet by indian Government and I got my Public Static IP from BSNL India. I hosted my site already and i am able to access my site already using the ip. Now i want to map my domain with the server that i have so that i can access my domain using a domain name.
I tried the steps in http://www.hosting.com/support/dedicated/dns/setdns#additional.. But when i add the name server information it says cannot resolve hostname??? that s why i want to know where i am making mistake..
I once again tried the steps at http://www.hosting.com/support/dedicated/dns/setdns and got it right..Now i have updated the name server info at my domain registrar ernet and waiting for it to be updated. Thanks fo the people helped me
Okay, so we implement Recaptcha in production. We get errors because it can't reach the IP address it needs to use the service. We open a port for the IP address to reach Google. No problem. We do that and configure that IP address explicitly to work. It works great. Then, the next day, we start getting errors again because Recaptcha is using a different IP address. I can allow requests from that IP address, too, but now I'm unsettled. Where are these addresses coming from? How do I configure this to work reliably?
Recatpcha from Google can use any Google IP address and there are lots of them.
Ran this from Windows:
_netblocks.google.com text =
nslookup -type=TXT _netblocks.google.com
"v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"
That's all the network Google uses currently. These can change so check them often.
Google suggest allowing port 80 to all IPs outbound, this highly insecure. They recommend going through a proxy server but again that is highly insecure if your web server is an DMZ. Proxy aware trojans do exist. All that need to be done is exploit a vulnerability to execute arbitrary code and you can create reverse connection on port 80 through a proxy server to download the payload. Then it is trivial to escalate privileges and own the box. I don't mean just Windows servers but Linux as well. I've done it in lab environment on security was on. It's really easy to do.
This is the Google website I got this from:
http://code.google.com/p/recaptcha/wiki/FirewallsAndRecaptcha
I wanted to append to this answer with more recent information. The documentation that Chris is pointing to does not include all of the TXT records necessary to dig (thanks Google):
_netblocks2.google.com (IPv6 subnets)
_netblocks3.google.com (Additional IPv4 subnets)
In my particular case, the _netblocks3 entry contained 2 large /19's that made my initial rule ineffective
(I found additional references here: https://support.google.com/a/answer/60764?hl=en)
Perhaps you should be using a hostname rather than IP