Limit exposure of whitelisted methods to specific IP

My ERPNext instance is accessible over internet and also communicates with another system of mine over a VPN. Only the communication with the another system is routed over the VPN, rest all goes over the internet.

Now, I have an whitelisted method made only for the use of the system connected over the VPN. How can I limit the exposure of that specific API endpoint so that nobody on the internet will be able to access it while the system connected through VPN gets to access it?

  • check ip from request headers (frappe.local.request_ip)
  • site_config.witelisted_ips = []
  • if frappe.local.request_ip not in whitelisted_ips: frappe.throw(_(“Invalid IP”))

Thanks @revant_one.

I hope frappe.local.request_ip is spoof proof.
Maybe this could be incorporated as a parameter in frappe.whitelist decorator itself!
Thank you once again :slight_smile: