I am using URL Shortener API to shorten our mobile app download link. (https://www.googleapis.com/)
We have some restrictions on our server such that we don't allow unrecognized IP access.
So I would like to know what would be the IP range that googles use when the URL is shortened using this API (https://www.googleapis.com/).
This will help us to configure our security settings to allow access to these IP's
google-apis-explorer
When you say "using the URL Shortener API", are you referring to making calls to this API from your server (as in outbound traffic is IP restricted) or using the short URL to reach your server (as in inbound traffic is IP restricted)? I'll go ahead and answer both possibilities, but please clarify if these weren't what you meant.
If you're trying to allow calls to this API from your server with outbound traffic IP restricted
The URL shortener API can be called through any of Google's IP addresses. There's no way to get a list of these because they will vary by location, load balancing, etc. Plus, you wouldn't want to attempt to restrict by IP this way because whitelisting even one of Google's IP addresses would allow calls from your server to all of Google's services. This likely includes any service hosted on Google Cloud, which could be a proxy, meaning literally anything in the world could be called this way; you'd be entirely eliminating IP restrictions on your server.
If you're trying to shorten your server's URLs using this API and your server has inbound traffic IP restricted
You shouldn't need to do anything. These URLs are just domain redirects. In the end, the user ends up visiting your website (server) using its actual long URL (there's no proxying), so just whitelist the allows users' IPs and it should work.
Related
I'm using Google YouTube Data API v3 on a PHP based website and it works fine if there is no access restriction. APIs are called only from the server and not from client side.
However, if I setup a IP based restriction then all requests are blocked. It seems, that I set a wrong IP. I have already double checked the IP on my server and with ping as well and it is correct.
Any idea, what can be the problem?
Does anyone know how to easily setup https for a rest api in google compute engine ? I have currently a static ip and the api works over http but in the browser when I call it I get mixed content error because the client is server over https (firebase hosting)
Is it possible to setup https with only a static ip (and not a domain name) ?
-Jani
Is it possible to setup https with only a static ip (and not a domain
name) ?
Yes, it is possible, but since 2016 you cannot purchase an SSL certificate with a public IP address. You can use a self-signed certificate but you will have even more browser issues. Not recommended.
Possible Options:
Use your domain name (or purchase one) and use Let's Encrypt for SSL which is free and is one of your better options.
Use a different service such as Cloud Run, Cloud Functions, Firebase or App Engine which offers SSL and does not require a domain name that you own as you can use Google's endpoint.
Attach a Google Load Balancer in front of your Compute Engine instance and configure a front end with a Google Managed SSL certificate. However, this will require a domain name.
If you do not want to use your own domain name, then option #2 is your only choice.
To setup https for a rest api in google compute engine:
1- You have to buy a domain
2- You have to buy an SSL certificate
3- create a load balance resource in Google Cloud to which I assign the domain and the certificate
4- You can install the certificate to the server directly
If you want to use https over IP instead of domain, please follow click here
When using IP restrictions for the Geocode API, what IP address should I put there? The IP address returned by a Google search of "What is my I.P."? Or the I.P address of the server where the application/website files are hosted?
I have a website under inMotion Hosting and I tried to put their i.p as in the restrictions, but that doesn't seem to work.
I don't think I have to put the internet I.P address of everybody who visits my website since I cannot know who will visit and where.
Please let me know, I'm confused
you either have to pass ...
a) the server's IP, when geo-coding server-side (PHP API) or
b) the client's IP, when geo-coding client-side (JS API).
the server's IP should be known, for the client-side IP, see this Q&A.
in principle, it's always the IP of the party which actually requests data.
I'm developing a web application using Laravel hosting on a public cloud. Now, the application can be accessed publicly on the internet via domain address. However, I want to restrict to only users who are connecting to the organization networks to be able to use the application since we do not want the application to be used at home or elsewhere.
At the moment, the organization has 2 places (2 public internet networks) where they must be able to access to the application. Both of them are using home-standard internet where IP address changes every time the internet reconnects. As we do not have static IP addresses, I cannot filter user by using IP address filter. The IP filter rule must be changed every time when the organization network reconnected.
My application already have solid authentication and authorization mechanism and, of course, the users must know this information since they must access the app for work. However, this doesn't meet the requirement.
I have thought about the VPN but it (probably) doesn't not work because if we allow user the access to the VPN, they still be able to access the VPN anywhere and use the application outside the work places. If we restrict the VPN client to access from specific IP address, then when the IP changes, the same problem occurs.
To sum up, I would like to ask for the advice on how to restrict the access of web application, hosted on public internet, to the users that are connecting from the public IP address that can change every time when the internet reconnected. The requirement may sound strange but it is as it is. Please feel free to ask for more details if you want to and have a discussions on the suggestions.
Thank you in advance.
You could setup a client for a dynamic dns service (e.g. dyndns) on the client-side.
Then you could use that on the server-side to always check against current IP using that dns.
As alternative you could bind the website to localhost only and only let it be accessed via an pubkey-enforced SSH tunnel (and make that get auto-established by a script/scheduler on the client side, on a permission level outside of the users' reach, so that they can't take the private key needed for the connection anywhere)
You can use different PHP methods and variables to detect from where the request has been originated. Just whitelist your domains and organizations, and allow only them by adding a middleware.
Additionally, you can generate a token using Laravel Passport or you can create your own mechanism, and then use that token to authenticate if the request is valid or not.
Since the IP changes, you can setup a dynamic dns or as suggested on the comment above.
We are calling Google api via https://www.googleapis.com for social login on our website. Everything works fine upto staging , however on Live server due to firewall restriction api calls are throwing socket exception.
What is the best way to configure our live server to allow connectivity to Google.
Is there a list of ip addresses . How can I make sure it's all up to date.
Note: You must be using Google Maps for Work (paid) in order to host maps on a website that is behind a firewall. Otherwise you are in breach of the terms of service.
As for configuring your firewall, Google will provide you with all of the settings that are needed. You don't need to make constant changes to keep it working.
The primary source of information for configuring your firewall is found here: https://developers.google.com/maps/documentation/business/articles/prelaunch_checklist#firewall
Configure Firewall to Allow Access to the Google Maps API Services
Why it's important: The Maps API services use a variety of domains, some which do not belong to the *google.com domain. If you are behind a restrictive firewall, it is important you understand which Maps API services use which domains.
Failure to allow access to the correct domains will cause API requests to fail, which can break your applications. For a complete listing of domains used by the Maps APIs, please consult our portal resource (login required):
Log in to the Google Enterprise Support Portal
The support portal is only available to Google Maps API for Work users.
Navigate to the "Resources" tab
Select the Resource called "List of domains used by the Google Maps API Family."
You should allow your applications to access these domains.
Please note that we do not recommend managing firewall restrictions by IP address, as the IPs associated with these domains are not static.