
Exclude specific web page from access restrictions with GCP / IAP

I have a Node.js/Express web app running on the Google Cloud Platform App Engine.

I’m restricting access to this application using the Identity Aware Proxy (IAP), so that only people in my company can access the website when they are logged on to Google using their corporate accounts.

This works great, only one thing annoys me:

For the OAuth 2 client that restricts the access, I have configured the URL of a privacy and data policy page which is linked from the Google login form that is shown to users when they try to access the website.

Google login form

This privacy page is also served by my web application, so when people who are not yet logged in click on the link presented on the login form, they are asked to log in to view the privacy page, since all my web app’s pages are protected by the IAP. A chicken-and-egg type of problem.

Is there a way to exclude specific URLs from the IAP and allow access without logging in?

Server Fault Asked by Patrick Hund on December 30, 2020


One Answer

There's no such exception as you're asking about - at least, no exception to that rule is mentioned anywhere.

However, you have several workarounds; you can:

  1. run a second app in GAE just to serve your "policy rules" (pointless??)
  2. serve a static webpage with the policy from a GCP VM (overkill)
  3. serve the policy from a GCP bucket (it would be my choice)
  4. serve the policy from a 3rd party webserver (2nd best solution IMHO)

All of those solutions require setting up an External HTTPS load balancer and using Forwarding Rules to send all requests for viewing the policy to the proper endpoint.

Correct answer by Wojtek_B on December 30, 2020
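
Once the load-balancer workaround from the answer is in place, it is worth checking that only the policy path bypasses IAP and that nothing else became public by accident. The following is an added example, not part of the original question or answer: the URL map, host, backend and bucket names are constructed, hosts are matched exactly, and path matching is simplified to exact paths and `/*` prefixes with the longest prefix winning.

```javascript
// Constructed data with hypothetical names. The shape follows the Compute Engine
// urlMaps resource (hostRules, pathMatchers, pathRules, defaultService).
const urlMap = {
  defaultService: "backendServices/webapp-iap",
  hostRules: [{ hosts: ["app.example.com"], pathMatcher: "main" }],
  pathMatchers: [{
    name: "main",
    defaultService: "backendServices/webapp-iap",
    pathRules: [
      { paths: ["/privacy", "/privacy/*"], service: "backendBuckets/policy-bucket" },
    ],
  }],
};

// Backends on which IAP is enabled (assumption: taken from your own inventory).
const iapBackends = new Set(["backendServices/webapp-iap"]);

// Resolve a request to its backend: exact path first, then the longest "/*"
// prefix, then the path matcher's default, then the URL map's default.
function route(map, host, path) {
  const hr = (map.hostRules || []).find(r => r.hosts.includes(host));
  const pm = hr && map.pathMatchers.find(m => m.name === hr.pathMatcher);
  if (!pm) return map.defaultService;
  let best = null;
  for (const rule of pm.pathRules || []) {
    for (const p of rule.paths) {
      if (p === path) return rule.service;
      if (p.endsWith("/*") && path.startsWith(p.slice(0, -1)) &&
          (!best || p.length > best.len)) best = { len: p.length, service: rule.service };
    }
  }
  return best ? best.service : pm.defaultService;
}

// List every rule (defaults included) that sends traffic to a backend without
// IAP and is not on the explicit allowlist of public paths.
function findUnexpectedPublic(map, iap, allowedPaths) {
  const out = [];
  if (!iap.has(map.defaultService)) out.push("(url map default)");
  for (const pm of map.pathMatchers || []) {
    if (!iap.has(pm.defaultService)) out.push(`${pm.name}: (default)`);
    for (const rule of pm.pathRules || [])
      if (!iap.has(rule.service))
        for (const p of rule.paths)
          if (!allowedPaths.includes(p)) out.push(`${pm.name}: ${p}`);
  }
  return out;
}
```

An empty result from `findUnexpectedPublic` means every non-IAP route is one you listed on purpose; `route` shows that a look-alike path such as `/privacy-admin` still lands on the IAP-protected backend.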
