How to verify that an HTTP request came from an internal cron?

Question

I've recently set up a cron process that will make an internal request inside my K8 instance to call my service internally. I'm now faced with the task of securing that endpoint. The simplest solution might be to pass a secret via the Authorization header, but that doesn't seem safe or the proper way.

What are some correct ways to detect and allow a request to a specific endpoint on my RESTful API?

Answer 1

Score: 2

Since any traffic from outside will go through an ingress in order to reach your HTTP service, you can add a route to an error page component for traffic that reaches the API paths meant for your internal cron usage, which calls the API via the service and does not go through the ingress.

For example:

spec:
  rules:
  - host: api.domain.com
    http:
      paths:
      - backend:
          service:
            name: api-service
            port:
              number: 80
        path: /(.*)
        pathType: ImplementationSpecific
      - backend:
          service:
            name: error-page
            port:
              number: 80
        path: /api/internal/(.*)
        pathType: ImplementationSpecific
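
An added check, not part of the original answer: the code below holds the two rules as Python data and reports which backend a request path would reach, so the deny rule's coverage can be asserted before the Ingress is applied. It is a simplified model that assumes the controller treats the paths as regexes anchored at the start and tries the longest pattern first (as ingress-nginx does with regex paths); `resolve_backend`, `leaked_paths` and the probe paths are hypothetical names and constructed inputs.

```python
import re

# Constructed copy of the Ingress rules from the answer above, as a Python dict.
INGRESS_SPEC = {"rules": [{"host": "api.domain.com", "http": {"paths": [
    {"path": "/(.*)", "backend": {"service": {"name": "api-service"}}},
    {"path": "/api/internal/(.*)", "backend": {"service": {"name": "error-page"}}},
]}}]}


def resolve_backend(spec, host, request_path):
    """Return the service name a request would be routed to, or None.

    Assumption: regex paths are tried longest-first and anchored at the
    start of the request path (simplified model of the controller)."""
    for rule in spec["rules"]:
        if rule.get("host") not in (None, host):
            continue  # rule belongs to a different virtual host
        paths = sorted(rule["http"]["paths"],
                       key=lambda p: len(p["path"]), reverse=True)
        for entry in paths:
            if re.match(entry["path"], request_path):
                return entry["backend"]["service"]["name"]
    return None


def leaked_paths(spec, host, api_service, probes):
    """Return the probe paths that still resolve to the API service."""
    return [p for p in probes
            if resolve_backend(spec, host, p) == api_service]


if __name__ == "__main__":
    # Constructed probes; /api/internal/run-job is a hypothetical cron endpoint.
    probes = ["/api/internal/run-job", "/api/internal/", "/api/internal"]
    for path in probes:
        print(path, "->", resolve_backend(INGRESS_SPEC, "api.domain.com", path))
    print("still routed to api-service:",
          leaked_paths(INGRESS_SPEC, "api.domain.com", "api-service", probes))
```

Under this model the bare `/api/internal` (no trailing slash) still resolves to `api-service`, because the pattern `/api/internal/(.*)` requires the slash; whether that matters depends on how the API itself routes that path.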

huangapple
  • Published on June 19, 2023, 09:22:20
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76503130.html