R
Railwayβ€’13mo ago
CoCa

Railway go-mux template question / Railway Headers?

I just wanted to reach out to ask a quick question about the go-mux template for Railway. This PrivateRanges middleware - are these CIDRs listed the ones for Railway? https://github.com/railwayapp-templates/go-mux/blob/main/internal/middleware/trustproxy.go#L19-L28 I'm thinking about having a Go server similar to this and I only want to accept traffic from Railway IPs, or if possible, my own Project IDs. Is there a quick list of headers / IPs / other stuff injected by Railway that I can use to validate that a request came from Railway or one of my projects? essentially I'd want to block anything not originating from a "blessed list" of my own trusted projects
6 Replies
Percy
Percyβ€’13mo ago
Project ID: N/A
Brody
Brodyβ€’13mo ago
those cidrs are cidrs for local addresses, nothing specific to railway, it's basically just saying if the request doesn't come from an IP within this list of cidrs, don't trust the request headers, aka it will only trust railways proxy to onto allow the other services within the project to communicate with your service, disable public networking and use the private network
CoCa
CoCaβ€’13mo ago
Ok thanks, I will be using the project private network within-services where possible. What I'm wondering though is I'm planning on having a REST API project that handles requests from my other Railway projects. I'd like to have a similar middleware to essentially only allow requests coming from my own projects if possible? I'm not sure if this exists but I'd imagine something like maybe an X-Railway-Project-ID header or similar or if there's a way to bridge the private network between projects? if not I can figure something out πŸ™‚
Brody
Brodyβ€’13mo ago
there's no way to bridge projects, and there's no headers that couldn't be spoofed https://utilities.up.railway.app/raw use an api key for Auth or move the service into the same project as the other services, there is egress network costs, so if you have other railway services that want to communicate they should all be in the same project where possible to cut down on network fees
CoCa
CoCaβ€’13mo ago
Ok that clears things up for me, thanks @Brody
Brody
Brodyβ€’13mo ago
no problem πŸ™‚
Want results from more Discord servers?
Add your server