I have a serverless Google cloud functions endpoint that my Netlify site calls to pass data using axios requests and I was wondering if Netlify provides a list of static IP addresses or DNS that I can use to limit inbound traffic to my cloud functions to accept requests only from Netlify frontend website? I have the option on the Google cloud functions to limit requests to static IP addresses but I can’t find a list of the ones Netlify uses for outbound requests.
Hi Shane and welcome to our community!
We have no static addresses for outgoing connections at all on our service, so that won’t be a viable access control method for you on any service to limit to our calls.
We intend you to use something like an HTTP request header in a function (see https://github.com/depadiernos/token-hider-inator for an example), or use the “signed” functionality on our proxy redirects in case you don’t use a function (details here: https://docs.netlify.com/routing/redirects/rewrites-proxies/#signed-proxy-redirects) to ensure authorization.