Stream Routes
API7 Gateway can function in two primary modes:
Application-Layer Proxy: In this mode, API7 Gateway acts as an intermediary for HTTP requests and responses, operating at the application layer (layer 7) of the OSI model. Routes are used to define how these HTTP requests are handled.
Stream Proxy: API7 Gateway can also function as a stream proxy, operating at the transport layer (layer 4) of the OSI model. This mode is ideal for handling protocols like TCP and UDP. For stream proxying, stream route are used to define how incoming TCP/UDP connections are routed to backend services.
A stream route in API7 Gateway allows you to filter incoming connections before forwarding them to backend services. This is particularly useful for controlling access to specific resources.
How Stream Route Works
The remote address field within a stream route configuration acts as a filter based on the client's IP address. Only requests originating from IP addresses explicitly listed in this field are allowed to pass through the route and reach the upstream service (e.g., a MySQL server).
For instance, imagine you have a MySQL server accessible only for internal use. You can create a stream route with a Remote address filter set to your company's internal IP range. This allows only connections from authorized machines within your network to access the MySQL server through the API7 Gateway.
API7 Gateway offers additional filtering options beyond client IP filtering. Fields like Server address and Server port within stream route configurations allow you to define even more granular control over incoming connections. You can specify the allowed server address and port for the upstream service, further restricting access to authorized destinations.