Railway go-mux template question / Railway Headers?
I just wanted to reach out to ask a quick question about the go-mux template for Railway.
This PrivateRanges middleware - are these CIDRs listed the ones for Railway?
https://github.com/railwayapp-templates/go-mux/blob/main/internal/middleware/trustproxy.go#L19-L28
I'm thinking about having a Go server similar to this and I only want to accept traffic from Railway IPs, or if possible, my own Project IDs.
Is there a quick list of headers / IPs / other stuff injected by Railway that I can use to validate that a request came from Railway or one of my projects?
essentially I'd want to block anything not originating from a "blessed list" of my own trusted projects
6 Replies
Project ID: N/A
those cidrs are cidrs for local addresses, nothing specific to Railway, it's basically just saying if the request doesn't come from an IP within this list of cidrs, don't trust the request headers, aka it will only trust Railway's proxy
to only allow the other services within the project to communicate with your service, disable public networking and use the private network
Ok thanks, I will be using the project private network within-services where possible.
What I'm wondering though is I'm planning on having a REST API project that handles requests from my other Railway projects. I'd like to have a similar middleware to essentially only allow requests coming from my own projects if possible?
I'm not sure if this exists but I'd imagine something like maybe an X-Railway-Project-ID header or similar
or if there's a way to bridge the private network between projects?
if not I can figure something out
there's no way to bridge projects, and there's no headers that couldn't be spoofed https://utilities.up.railway.app/raw
use an api key for Auth or move the service into the same project as the other services, there are egress network costs, so if you have other railway services that want to communicate they should all be in the same project where possible to cut down on network fees
Ok that clears things up for me, thanks @Brody
no problem
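The two points from the replies above, sketched in Go as an added example (not part of the thread and not the go-mux template's code): forwarded headers are believed only when the direct peer is a private address, and callers are authenticated with an API key rather than a header. The `X-API-Key` header name, the `API_KEY` environment variable, the CIDR list and the choice of the last `X-Forwarded-For` entry are assumptions made for this sketch.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"log"
	"net"
	"net/http"
	"os"
	"strings"
)

// Standard private/loopback ranges (assumed here, not copied from the template).
var privateCIDRs = []string{"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128", "fc00::/7"}

// ClientIP trusts X-Forwarded-For only when the direct peer is a private
// address (the platform proxy); from any other peer the header is ignored.
func ClientIP(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr
	}
	xff := strings.Split(r.Header.Get("X-Forwarded-For"), ",")
	last := strings.TrimSpace(xff[len(xff)-1]) // entry appended by the nearest proxy
	for _, c := range privateCIDRs {
		if _, n, _ := net.ParseCIDR(c); n.Contains(net.ParseIP(host)) && net.ParseIP(last) != nil {
			return last
		}
	}
	return host
}

// RequireAPIKey checks X-API-Key (hypothetical name) in constant time; an empty key denies all.
func RequireAPIKey(key string, next http.Handler) http.Handler {
	want := sha256.Sum256([]byte(key))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := sha256.Sum256([]byte(r.Header.Get("X-API-Key")))
		if key == "" || subtle.ConstantTimeCompare(got[:], want[:]) != 1 {
			log.Printf("rejected request from %s", ClientIP(r))
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	log.Fatal(http.ListenAndServe(":8080", RequireAPIKey(os.Getenv("API_KEY"), http.NotFoundHandler())))
}
```

Hashing both values before comparing keeps the comparison equal-length, so the check does not leak the key's length through timing.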