I have below camel rest route. Currently all the host is able to access this route using the URL exposed.
Is there anyway I can restrict remote host to access based on the IP configured. I want to allow certain IP address to access this URL. Is there any configuration in camel available to handle this ?
rest("/api/")
.id("reset-api-route")
.get("/reset")
.to("direct:resetRoute");
With camel-netty4-http component you can have remote IP address in the headers.
However it might make more sense to make network level isolation on firewall before your application.
With camel-netty4-http you can inspect and do logic with remote IP like this:
@Override
public void configure() throws Exception {
restConfiguration()
.component("netty4-http")
.host("localhost")
.port(8000)
.bindingMode(RestBindingMode.auto);
rest("/api/")
.id("reset-api-route")
.get("/reset")
.to("direct:resetRoute");
from("direct:resetRoute")
.log("${in.headers.CamelNettyRemoteAddress}")
.choice()
.when(header("CamelNettyRemoteAddress").startsWith("/127.0.0.1:")) // localhost
.transform().constant("allowed").endChoice()
.otherwise()
.transform().constant("denied");
}
If your Camel application is running inside Spring-Boot then you can use Spring Security IP filtering. Also keep in mind that if your application is behind load balancer then depending on the load balancer you might always see the load balancer's address instead of the original caller.
