Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deploy endpoint validation API in API Gateway #7677

Open
dushaniw opened this issue Mar 10, 2020 · 1 comment
Open

Deploy endpoint validation API in API Gateway #7677

dushaniw opened this issue Mar 10, 2020 · 1 comment

Comments

@dushaniw
Copy link
Contributor

dushaniw commented Mar 10, 2020

Describe your problem(s)

Currently, the API endpoint validation (https://localhost:9443/api/am/publisher/v1.0/apis/validate-endpoint?endpointUrl='') in the Publisher portal takes place via a direct HTTP Head call initiated from the Publisher node. This can be further improved by routing this request through the Gateway node, even though the original behavior is the intended.

Describe your solution

Make endpoint validation request goes through WSO2 API Gateway.

How will you implement it

Deploy the API "ValidateEndpoint" by default for each tenant in API Gateway. If needed, provide admin users with the capability to set rate-limiting as well, so that request bursting will be prevented.


@sholto1337
Copy link

This has now assigned CVE-2020-13226.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants