AppEngine Cron Verification IP Address

Question

I have an AppEngine Node.js application running in a standard environment, and I'm having some trouble with cron verification. The docs say that you can verify that the IP address comes from 0.1.0.2. In the request logs I can see that the request IP is 0.1.0.2; however, in my fastify request object, request.ip is 127.0.0.1. Anyone know what could be happening here?

I was thinking that maybe there's some sidecar like nginx that is accepting the requests, but in that case, I would expect to x-forwarded-for to be defined, but it's not.

score 0 · Answer 1 · answered Nov 25 '22 at 09:13

As per documentation, X-Forwarded-For value is the list of IP addresses through which the client request has been routed. You can see that the first IP (0.1.0.1) as expected, is the IP of the client that created the request. The subsequent IPs are the proxy servers that handled the request before it reached the application server (e.g.X-Forwarded-For: clientIp, proxy1Ip, proxy2Ip). Therefore, in this case the VM is seeing the remote IP from a Google Cloud internal Load Balancer address, but we do use X-Forwarded-For for things like this.

One quick solution is to only check for the X-Appengine-Cron header rather than also checking the IP address. The X-Appengine-Cron header is set internally by Google App Engine. If your request handler finds this header it can trust that the request is a cron request.

For more information, you can refer to these Stackoverflow Link1 and Link2 which may help you.

Thanks for your response. I did check x-forwarded-for, but it's not defined :( — onlyanegg, Nov 28 '22 at 16:55
Seems like your issue requires in depth analysis. please feel free to contact [google support](https://cloud.google.com/support-hub) — Sandeep Vokkareni, Nov 30 '22 at 06:59

AppEngine Cron Verification IP Address

1 Answers1