You shouldn't use a security model based on ensuring that requests come from the app engine IP block even if it were possible; literally anyone could be running malicious code on appspot making this at best marginally more secure than allowing requests from any IP. There are countless techniques for doing real authentication.
On Mar 1, 11:15 pm, Iap <[email protected]> wrote: > Hi, > > I have a back-end web service which I would only allow the requests > from my GAE application. > So I want to check the IP if it comes from the GAE urlfetch. (plus > some secret token) > From my testing, there is only one IP: "64.233.172.18" was found. > I am curious about if there are other IPs that might be used by the urlfetch? > Because that "only one" IP seems to be weird for the so-called "cloud > architecture". > Just for confirmation. > > My Test URL is:http://password-recovery.appspot.com/prs/test/urlfetchrequest > (That will fetching thehttp://remote.12dt.com/which responses the > requsting ip) > > Thanks in advance. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
