Limit exposure of whitelisted methods to specific IP

My ERPNext instance is accessible over the internet and also communicates with another system of mine over a VPN. Only the communication with the other system is routed over the VPN; everything else goes over the internet.

Now, I have a whitelisted method made only for the use of the system connected over the VPN. How can I limit the exposure of that specific API endpoint so that nobody on the internet will be able to access it while the system connected through the VPN can still access it?

  • check IP from request headers (frappe.local.request_ip)
  • site_config.whitelisted_ips = []
  • if frappe.local.request_ip not in whitelisted_ips: frappe.throw(_("Invalid IP"))

Thanks @revant_one.

I hope frappe.local.request_ip is spoof-proof.
Maybe this could be incorporated as a parameter in the frappe.whitelist decorator itself!
Thank you once again.
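
The check from the answer above, shaped like the decorator idea in the reply, as an added example that is not part of the original thread or Frappe's own code. It goes beyond exact string matching by accepting CIDR ranges and failing closed on malformed input. `ip_allowed`, `restrict_to_ips`, `IPNotAllowed` and the sample values are hypothetical names; inside Frappe the two callables are assumed to return `frappe.local.request_ip` and the `whitelisted_ips` list from site config.

```python
import ipaddress
from functools import wraps

class IPNotAllowed(PermissionError):
    """Caller's address is outside the allowlist."""

def ip_allowed(request_ip, whitelisted_ips):
    """True only if request_ip parses and matches an allowlisted IP or CIDR."""
    try:
        addr = ipaddress.ip_address(str(request_ip or "").strip())
    except ValueError:
        return False  # fail closed: empty, malformed, or a comma-joined header
    # Treat IPv4-mapped IPv6 (::ffff:10.8.0.5) as the IPv4 address it carries.
    addr = getattr(addr, "ipv4_mapped", None) or addr
    for entry in whitelisted_ips or []:
        try:
            net = ipaddress.ip_network(str(entry).strip(), strict=False)
        except ValueError:
            continue  # ignore a malformed config entry rather than match on it
        if addr.version == net.version and addr in net:
            return True
    return False

def restrict_to_ips(get_request_ip, get_whitelisted_ips):
    """Decorator factory; both arguments are zero-argument callables."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(*args, **kwargs):
            # Evaluated per call, so each request is checked against the
            # current config. The result is only as trustworthy as the
            # source of the address (socket peer or a trusted proxy's header).
            if not ip_allowed(get_request_ip(), get_whitelisted_ips()):
                raise IPNotAllowed("Invalid IP")
            return fn(*args, **kwargs)
        return wrapper
    return decorator

# Constructed sample values: a VPN subnet, one extra host, one request context.
SAMPLE_WHITELIST = ["10.8.0.0/28", "192.0.2.10"]
SAMPLE_REQUEST = {"ip": "10.8.0.5"}

# Assumption: inside Frappe these would be lambda: frappe.local.request_ip
# and lambda: frappe.conf.get("whitelisted_ips").
@restrict_to_ips(lambda: SAMPLE_REQUEST["ip"], lambda: SAMPLE_WHITELIST)
def vpn_only_method():
    return "ok"
```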