Hello,
What is the difference between http.net.bind.to and http.bind.to?
My fundamental request is : can we block the console from an external IP while still allowing ILP over HTTP ?
Regards,
Gabriel
Hello,
What is the difference between http.net.bind.to and http.bind.to?
My fundamental request is : can we block the console from an external IP while still allowing ILP over HTTP ?
Regards,
Gabriel
Hi Gabriel,
http.net.bind.to and http.bind.to are the same settings, only the latter has been deprecated.
Please, use http.net.bind.to.
Regarding blocking access to the web console from external IP addresses, I would use a firewall.
You can let connections through to the ILP port, and block connections to the HTTP endpoint.
Thank you for the indication about those parameters.
AFAIK ILP over HTTP is using the same port as the HTTP web console and REST API. That’s where my problem starts. Ideally, I would like to allow the ILP over HTTP but not the console and neither the REST API.
Sorry, missed that you were talking about ILP over HTTP.
It is still doable, but you will have to setup rules on the firewall based on the request URI.
URI belongs to ILP over HTTP traffic:
/write
URIs used by native InfluxDB clients (no need for these, unless you migrated from InfluxDB, and using their client to ingest data):
/api/v2/write
/ping
REST API endpoints:
/exec
/imp
/exp
There are also other endpoints used by the Web Console (on top of the REST API), and monitoring tools such as Prometheus.
I think what you could setup a firewall rule to allow requests with /write, and disable everything else. That should make it possible to ingest data using ILP over HTTP coming from outside.