Is there a way to configure a postman request(Http Get, Http Post) to use the system's IP address when calling an API? say If I want to call an api
"http://localhost:8080/foo/bar", will I able to configure my computer's IP address for the request?
I have an api which works with IP whitelisting and I am not able to request a resource from the api from postman. And I am getting 403 forbidden as response from the API
The simple answer here is: no.
You can only modify your IP address to a certain extend:
Class A: 10.0.0.0 to 10.255.255.255
Class B: 172.16.0.0 to 172.31.255.255
Class C: 192.168.0.0 to 192.168.255.255
Source: https://www.ibm.com/docs/en/networkmanager/4.2.0?topic=translation-private-address-ranges
If your sever however is listening on localhost and not an external target, I doubt that your IP address is causing the issue here. If so, simply add localhost to the filter or whatever part of your application is denying your request because of your IP address.
Related
I have a REST API on a Hetzner server which uses Varnish. I am trying to set up Cloudfront to use as the CDN for it. After reading around, I currently have the following setup:
Hetzner / Varnish
A main API route api.mydomain.com.
Config in Varnish for cdn-api.mydomain.com to also act as a route to the same API.
In the DNS for the domain in Hetzner, for cdn-api.mydomain.com I have
added the name servers for Route 53.
Route 53
Hosted zone called cdn-api.mydomain.com.
An A record with name prod.cdn-api.mydomain.com which points to my Cloudfront distribution.
An A record with name cdn-api.mydomain.com which points to the IP address of the server.
Cloudfront Distribution
Has the alternate domain name prod.cdn-api.mydomain.com.
Has the origin domain of cdn-api.mydomain.com
Protocol for origin is HTTP only
What I think should happen
Make a request to prod.cdn-api.mydomain.com.
Route 53 forwards to the Cloudfront distribution.
CloudFront looks to origin cdn-api.mydomain.com.
Origin cdn-api.mydomain.com looks to IP address of Hetzner.
Hetzner receives request, Varnish allows the domain through, sends back data to Cloudfront.
What actually happens
If I make a request straight to cdn-api.mydomain.com from Postman, it works if I turn off SSL.
If I turn on SSL, I get the error SSL Error: Hostname/IP does not match certificate's altnames, saying that cdn-api.mydomain.com is not on the certificates of the server.
If I make a request to prod.cdn-api.mydomain.com, I get the error Error: Exceeded maxRedirects. Probably stuck in a redirect loop. Which may be due to the same certs error.
Cloudflare
As a comparison, we have Cloudflare set up as the CDN for a different domain on the same Hetzner server. It has:
A main API route api.myotherdomain.com
In Hetzner a CNAME for cdn-api.myotherdomain.com with value cdn-api.myotherdomain.com.cdn.cloudflare.net.
In Cloudflare, an A record for cdn-api.myotherdomain.com which points to the IP address of the server.
cdn-api.myotherdomain.com is set up in Varnish as an entry point, but is not on the list of certificates of the server.
This all works fine including with SSL enabled.
It would be good to understand what I'm doing wrong here.
I am creating a voice-bot using dialogflow with google assistant. My client has provided his network access, which is not a private URL an IP instead. It is not SSL certified too. I will get two errors this time
Only public URLs are allowed and
You can use only https:// in fulfillment url when "Google Assistant" integration enabled
Any workaround for this? What are the other options I have? I can access clients API within his network only. So I cannot replace this IP address. Please advise how to proceed further.
You can use an IP address, as long as it is a public IP address. The machine doesn't need a DNS entry.
Actions on Google requires an HTTPS connection, however, using a valid certificate (ie - not self-signed). This is to protect your client and their users data.
One possible workaround is to look into a tunnel/proxy service such as ngrok. They provide a public HTTPS address that securely tunnels to an ngrok client you run on the same machine as the webhook fulfillment server. They have a free service that will change hostnames periodically, or you can subscribe to a commercial service which will give you a fixed name which you can use for the fulfillment URL.
You have to make URL https://.
you can try https://letsencrypt.org/
Actually I have database which has IP based restriction and now if I'm calling API using API Gateway Invoke URL, then got error because can't connect with database.
Question:
How do we know IP address of hosting server of API gateway.
You don't. It's a large pool of dynamic IP addresses.
You didn't mention a Lambda function in the mix, but that would be the only way that comes to mind that you could use to originate requests behind API Gateway with a static source address. The Lambda function would need to be associated with subnets whose default route points to a NAT Gateway in a VPC. The NAT Gateway always has a static IP address.
I want to send request like this:
GET https://220.181.57.217/v1/groups
Host: test.restapi.foobar.com
But got this error:
error: SSLError: hostname '220.181.57.217' doesn't match 'test.restapi.foobar.com' while doing GET request to URL: https://220.181.57.217/v1/groups
According to rfc2616: Hypertext Transfer Protocol -- HTTP/1.1, it is due to how host is determined:
If Request-URI is an absoluteURI, the host is part of the
Request-URI. Any Host header field value in the request MUST be
ignored.
If the Request-URI is not an absoluteURI, and the request includes
a Host header field, the host is determined by the Host header
field value.
The reason for using IP in request URI is: in China, mobile dns resolution is not so good. Connect API server with IP is much better.
Is there a way to accomplish it?
Thanks!
check your GET URL,whether it has any ports number after IP,whther it is http or https protocol and your REST API path.
I have this problem: In kamailio I serve multiple domains that are not actually true Internet domains. A specific pbx, when registering, has a configuration that asks for the host and domain of the registering user, and puts that in the From header along with the username:
From: <sip:username#host.domain>
But the problem is that it first tries to resolve the hostname.domain, and if it is not resolvable it does not even try to register. Is this behaviour conforming to the SIP standard?
No it's not conforming if it is doing a lookup on the From header hostname. From the RFC (section 8.1.1.3):
...it is very important that the From URI not contain IP addresses or the FQDN
of the host on which the UA is running, since these are not logical
names.
Furthermore the SIP RFC gives an example of a valid From header as sip:thisis#anonymous.invalid where the hostname is not even a valid DNS hostname.
In most cases the From header URI is to identify the person making the request as part of the SIP challenge response authentication. In some cases SIP servers will disregard the hostname part of the From URI assuming that the authentication realm is some default value.
It will be depending on SIP server's implementation.
Add "host.domain" in /etc/hosts