I'm running an application inside a Docker container and need to find out if incoming HTTP requests are from the same container, the Docker Compose network, the host system, or even another machine. I want to restrict access to a specific HTTP resource, allowing only requests from the same physical machine. If a request comes from outside that machine, it should be denied. Is there a reliable and secure way to identify this by comparing IPs?
4 Answers
Focus on using firewall proxies to filter requests effectively. This is more of a networking issue rather than something your application should handle directly.
You can also restrict access on the host level when exposing ports. Instead of using something like `- 8080:8080`, you could specify `- localhost:8080:8080`, `- [host IP]:8080:8080`, or `- 127.0.0.1:8080:8080`. This way, only requests from your local machine are allowed through.
A good approach is to not expose the port at all. This could add an extra layer of security against unwanted external requests.
You might not even need to worry about this on your app's end. Instead, consider using a proxy like Envoy. With a proxy in place, only it communicates directly with your application's exposed ports. It can route requests based on your rules or reject them if they don't match your criteria.
Related Questions
How To: Running Codex CLI on Windows with Azure OpenAI
Set Wordpress Featured Image Using Javascript
How To Fix PHP Random Being The Same
Why no WebP Support with Wordpress
Replace Wordpress Cron With Linux Cron
Customize Yoast Canonical URL Programmatically