1

i have implemented a web application using 2 app engines:

  • standard for the frontend (done using flask)

  • flexible for the backend of the application, which implements some classifications on data loaded through the UI. FE and BE communicate through REST API.

I am now struggling on understading how to configure the network communication between two app engines

I would limit access to the front-end to only specific range of IPs.

If I change the "default action" to DENY, and then ALLOW internal addresses as described here, then:

  • communication from external (forbidden) addresses is CORRECTLY denied

  • BUT also the one between the two app engines!

Is there a way to have the two guys visible each other and not reachable from forbidden addresses?

Thanks

lordcenzin
  • 339
  • 3
  • 15

1 Answers1

0

It would be very useful if you provided the firewall rules you tried. I know you mentioned you followed the example, however, the priority of the rules also matter.

You said you were communicating through the REST API, which one exactly? The Backend API specifically has been deprecated and will soon be turned down completely

The Backend API is deprecated as of March 13, 2014 and will be shut down on March 13, 2019. Developers are required to migrate all backend instances to Services, otherwise the instances will no longer be manageable, and will stop serving traffic.

I highly recommend going over the documentation on how requests are routed and how to make URL Fetch calls.

With a little more information and code snippet I could attempt to reproduce your issue, however, following the documentation provided I have had no issues.

ZUKINI
  • 195
  • 2
  • 15
  • Please avoid asking for or giving clarification with an answer. When you gain [enough reputation](https://stackoverflow.com/help/privileges/comment), you will be able to comment everywhere. Until then, try to answer questions that don't require additional clarification from the asker. – Pika Supports Ukraine Jan 25 '19 at 18:11