How to allow box api source IP at firewall
Answered
Hi folks!
In box community, there is a document about "Configuring A Firewall For Box Applications".
But it is described with FQDN and domain based and there is no description about IP addresses.
But most of Firewall, such as iptables, cisco ASA FW, etc.. use IP addresses for allow access.
Then I find IP addresses within my Nginx log files, which send POST data from Box API.
Next I search that which network the issued IP is belonging and I find it.
Box.com have AS number as AS33011.
The issued IP is included that AS.
So, is it possible to limit IP prefixes in AS33011?
Here is detailed info.
https://bgp.he.net/AS33011#_prefixes
Sincerely,
Shinichi
-
Hello ,
in our company we have different countries that have configured it in different ways., and one of them requested the IP List (that box provided kindly) and configured the full list. That was not a good approach.
We faced a minor issue last year when a BOX server was down and a new one was added. That new one had a new IP not on the list given months earlier. So for some users on that country some functionality was not available.
That's the reason BOX does not encourage the usage of IP whitelisting as it can change at any moment.
Regards
-
Hi LoCortes-san,
Thanks for your reply.
I will ask to my sales contact about IP list.About IP address based access control, maintaining access control list up-to-date is user's responsibility, it is not service providers responsibility.
About BOX servers issue, my concern is that new added IPs are properly noticed or not.
Because my backend operations are partly automated and it is possible to change backend configuration up-to-date automatically based on some kind of notifications.I will expect that API have such kind of notification feature of new IP addresses in the future.
Sincerely,
Shinichi
Post is closed for comments.
Comments
3 comments