Google Maps Key Restrictions by IP Address not working - google-maps-api-3

I am trying to restrict access to my Google Maps API account by using IP Address to set up Key Restriction. Previously I have been able to set up Key Restriction using the HTTP Referrer, but I do not seem to be able to get the same config happening using IP Addresses. I have generated a new key to use with the IP Addresses (leaving the current using HTTP Referrer in play as it works).
As an example I can access the MAPS API from localhost/* but am unable to access it from 127.0.0.1 (using the new API key with AP Address key restrictions setup). My actual website is hosted on a shared sever and using the domain name (perfectpets.com.au) with the HTTP referrer restriction all is good, but if I use the new API key with IP address restriction I get the RefererNotAllowedMapError error.
Any tips on how to get this going would be greatly appreciated.

IP address restrictions only work for web services, not the Google Maps JavaScript API v3.
From the documentation
Once restricted, a key will only work on platforms that support that type of restriction.
IP addresses (individual servers) - for use with the web service APIs.
HTTP referrers (web sites) - for use with the Web APIs.

Related

Is it possible to detect whether a request is truly from localhost or is forged to "look like" from localhost in application layer?

Based on my understanding, there are some tools that can send a request from an IP address and make the request appear to servers like from another IP address, including from localhost.
Now I have a server with a specific API that only allows requests from localhost but has some other APIs that allow requests from the internet.
The only way I can think of is to set the firewall so that any incoming packet will be blocked if the destination contains the "localhost only" API name. However this forces me to design my server in such a way that no other APIs has a substring name of the "localhost only" API. This means the "localhost only" API cannot have a short name and can be a risk if I forget this fact and/or the code is maintained by other people in the future.
Ideally, I want to distinguish whether a request truly comes from localhost at application layer and if not so block further processing of the API.
What I want to know is whether this is possible or not, in terms of networking.

How to host HTTPS API on LAN

I'm planning an API that will be used by a client on their internal office networks in multiple separate locations. Each location will have a separate instance installed.
They want it to be secure and running on HTTPS.
What I cant seem to understand how can a HTTPS certificate work when there is no externally facing fully qualified name. eg. MyApiServer.mycompany.com
Instead they will likely just be running it on a server/computer with just a hostname. ie. MyApiServer
The data being transferred is not necessarily sensitive but it places records in a sales system.
If HTTPS is not possible in this scenario whats an alternative method to secure the communication?
The server name has not to be "fully-qualified". For securing the call it will be enough to have the domain specified in URL equal to the domain name specified in certificate.
So your clients would call https://MyApiServer/endpoint in your LAN which should cause your service to provide server certificate where the subject would be MyApiServer.

How do I restrict access to a website hosted on an Azure VM to a given IP and itself?

I am doing some testing on an Azure VM and have an ASP.NET website that I wish to limit access to. The website should only be accessible from a given IP (our office) but I also want the server to be able to make requests to other websites hosted on itself.
I have successfully setup an IP and Domain Restriction for our office IP but cannot find a way to allow requests internally from itself.
Is this possible without setting up a static IP in Azure?
This question should be migrated to ServerFault, but given that there are programmatic approaches to it, I'll answer:
You need to set up Access Control Lists on the input endpoints, to specify ranges (via CIDR notation) of allowable or blocked IP addresses.
While this may be done via the portal, you may do it via the CLI:
azure vm endpoint acl-rule create [vm-name] [endpoint-name] [order] [action] [remote-subnet]
You may do this via PowerShell as well. Rough outline:
Use New-AzureAclConfig to set up a config object
Use Set-AzureAclConfig to add rules to the config
Use Get-AzureVM to retrieve the config of your given virtual machine and add the ACL config to the VM
Use Update-AzureVM to save your changes
More PowerShell details here.

Google JavaScript API v3 unauthorized on 192.168 connection

I'm working on a project that uses the Google Maps JavaScript API v3 to render directions on an integrated map.
The website it built with Jekyll and I run the server using the following command:
jekyll serve --host 192.168.2.7
The given IP address is the IP Address of the system running the server.
The reason I made it listen to that IP Address is because I want to test the application on my mobile devices, following this answer
In the API Console I whitelisted 192.168.*, so that any local connection can use the API.
However, when I go to that IP Address on my phone or computer, the API says the application is not authorized despite me having whitelisted it.
What am I doing wrong here and how can I solve it?
Jekyll serve
The --hostname flag doesn't exist. Use --host 192.168.2.7 or host: 192.168.2.7 in _config.yml. Target address will then be 192.168.2.7:4000 as 4000 is the default listening port for Jekyll webrick server.
Google API withelist
It's not necessary to white list domain, as with no domain white listed you have Any referer allowed
Google authorization
Verify that you've set your API key to something else than https://maps.googleapis.com/maps/api/js?key=API_KEY you are supposed to have something like this : https://maps.googleapis.com/maps/api/js?key=AIzaSytitittototoX7RhHn-drLRRYututu7eX2hVo
If you still have problems, you can give a repository url to have it fixed quicker.
Happy Jekyll !
192.168.2.7 is a private IP address and is not publicly accessible. To use that you will probably need to get a license.

How can I get the Url of the web site which is using my web service?

I have developed a web service and host it on my server and I would like to know who is using this web service (site Url). I tryed to use "Request.UrlReferrer" but it is not returning any thing! any suggestions/Advices?
You can't get the URL of the caller of a web service as not all callers have canonical URL's. You can however get the IP Addresses assuming that they are not behind a proxy / nat. In which case you'd get the IP of the nat / proxy.
Assuming your using an ASMX web service you can this from:
HttpContext.Current.Request.UserHostAddress
Once you have the IP Address you can try and do a reverse lookup to get the host name. I would recommend storing the IP address then writting an offline process which goes and tries to determine who owns the IP. I'm sure there are some webservices out there to help with this.
You can use Request.Url property to get all the information about the requests to your web service.
The referrer is set by the client, and the client can not set it. That is why you see nothing. If the client's are servers, then the best you can do is to get the IP of the client connection and go to that IP. If a simple setup, with no virtual hosts, then that is the "web site" that is hitting your web service.
As Josh states, the HttpRequest object is the way to go, there are a few properties on there that might help:
UserHostName - Gets the DNS name of the remote client.
UserAgent - Gets the raw user agent string of the client browser.
UserHostAddress - Gets the IP host address of the remote client.
Which might give you a bit more information to play with.

Resources