Http.net.bind.to vs http.bind.to

Hello,

What is the difference between http.net.bind.to and http.bind.to?

My fundamental request is : can we block the console from an external IP while still allowing ILP over HTTP ?

Regards,
Gabriel

Hi Gabriel,

http.net.bind.to and http.bind.to are the same settings, only the latter has been deprecated.
Please, use http.net.bind.to.

Regarding blocking access to the web console from external IP addresses, I would use a firewall.
You can let connections through to the ILP port, and block connections to the HTTP endpoint.

Thank you for the indication about those parameters.

AFAIK ILP over HTTP is using the same port as the HTTP web console and REST API. That’s where my problem starts. Ideally, I would like to allow the ILP over HTTP but not the console and neither the REST API.

Sorry, missed that you were talking about ILP over HTTP.

It is still doable, but you will have to setup rules on the firewall based on the request URI.

URI belongs to ILP over HTTP traffic:
/write

URIs used by native InfluxDB clients (no need for these, unless you migrated from InfluxDB, and using their client to ingest data):
/api/v2/write
/ping

REST API endpoints:
/exec
/imp
/exp

There are also other endpoints used by the Web Console (on top of the REST API), and monitoring tools such as Prometheus.

I think what you could setup a firewall rule to allow requests with /write, and disable everything else. That should make it possible to ingest data using ILP over HTTP coming from outside.