Question

Applying Access Restrictions to Unnecessary Request Handlers (endpoints) with BTP

0

A Mendix app offers various endpoints that can be used to obtain information about offered services. The paths used by these endpoints end in -doc. How can we apply access restrictons using the business technology platform. In mendix cloud you can do this within the Developer Portal. They can be found in the Environment details of your cloud node. In the BTP there is no such option available. How can we restrict access?

asked 2021-07-26

Annick Dhooge

1 answers

Fabian Recktenwald · Answer 1 · 2021-07-28

Hi,

I have never tested this, so this is a bit of an educated guess:

You can configure custom environment variables (on the Runtime tab) from the mendix BTP portal. If you configure ‘ACCESS_RESTRICTIONS’ there, it could be picked up by the mendix cf buildpack, where you can also find some documentation.

https://github.com/mendix/cf-mendix-buildpack/blob/33bbc2c7295615caad37abe0f5e6ef983ffb3e84/buildpack/nginx.py#L276

    # ACCESS_RESTRICTIONS example:
    # {
    #     "/": {'ipfilter': ['10.0.0.0/8'], 'client_cert': true, 'satisfy': 'any'},
    #     "/ws/MyWebService/": {'ipfilter': ['10.0.0.0/8'], 'client_cert': true, 'satisfy': 'all'},
    #     "/CustomRequestHandler/": {'ipfilter': ['10.0.0.0/8']},
    #     "/CustomRequestHandler2/": {'basic_auth': {'user1': 'password', 'user2': 'password2'}},
    # }

Let us know if this works, regards Fabian