Don't allow direct calls to Microservices. Only allow through API Gateway

Question

Maybe this is a strange question (I\'m new with Microservices). But I\'m looking for some info on how proceed with this. Does not need to be Spring specific, but that\'s the

Answer 1

Assuming that you have a firewall in place, you could restrict inbound traffic to server to the ports that your Zuul endpoints are exposed on and disallow anyone from accessing the microservices' ports directly.

If you want to avoid going the firewall route, you could force the endpoints to check for a specific HTTP header or something that is set by Zuul prior to forwarding a request, but that would be hacky and easy to circumvent. Based on my past experiences, the "right" way would be to do this via a firewall. Your app should be responsible for dealing with requests. Your firewall should be responsible for deciding who can hit specific endpoints.