Android FCM - What are the IPs and ports for the firewall?

Time: 2017-08-06 05:56:14

Tags: android firebase push-notification firebase-cloud-messaging

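Our server in a closed environment needs to push notifications to devices that have our app installed. We tried the push client in an open environment and it worked. However, when we moved to our server, there were network errors because of firewall blocking.

Based on the Google documentation: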

  

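If your organization has a firewall that restricts the traffic to or from the Internet, you need to configure it to allow connectivity with FCM in order for your Firebase Cloud Messaging client apps to receive messages. The ports to open are: 5228, 5229, and 5230. FCM usually uses 5228, but it sometimes uses 5229 and 5230. FCM doesn't provide specific IPs, so you should allow your firewall to accept outgoing connections to all IP addresses contained in the IP blocks listed in Google's ASN of 15169.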

However, we are actually pushing using the HTTP protocol with the following URL:

https://fcm.googleapis.com/fcm/send

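Does that mean that the port to open is now 443 instead of 5228?

Also, we need to configure the hosts as well, because the security team does not allow us to connect to domains. From the paragraph above, all the IP addresses are in ASN 15169, and I only managed to find one list here

Can anyone with experience of this give some pointers? Thanks.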

2 answers:

Answer 0: (score: 5)

  

Does that mean that the port to open is now 443 instead of 5228?

You should open 5228 according to the documentation.

Please ask your security team to list the URL as

Answer 1: (score: 0)

In addition to Darish's answer, Google does not recommend whitelisting IPs or URLs:

  

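For outgoing connections, FCM doesn't provide specific IPs because our IP range changes too frequently and your firewall rules could get out of date, impacting your users' experience. Ideally, you will whitelist ports 5228-5230 with no IP restrictions. However, if you must have an IP restriction, you should whitelist all of the IP addresses in the IPv4 and IPv6 blocks listed in Google's ASN of 15169. For this list, you should plan to update your rules monthly. Problems caused by firewall IP restrictions are often intermittent and difficult to diagnose.

You can find information about Google's IP addresses here (Google help page) or here (ipinfo.io).

You can also try the following commands (from the first link above, converted from netstat to dig):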

dig @8.8.8.8 _spf.google.com TXT
dig @8.8.8.8 _netblocks.google.com TXT
dig @8.8.8.8 _netblocks2.google.com TXT
dig @8.8.8.8 _netblocks3.google.com TXT

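The first command gives you the SPF record for Google's mail servers (these are all the IPs they own). This leads you to the _netblockN.google.com TXT records, which give you all the IP ranges. My queries produced the following results just now: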

_netblocks.google.com.  3599    IN      TXT     "v=spf1 ip4:35.190.247.0/24 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all"
_netblocks2.google.com. 3599    IN      TXT     "v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all"
_netblocks3.google.com. 3599    IN      TXT     "v=spf1 ip4:172.217.0.0/19 ip4:172.217.32.0/20 ip4:172.217.128.0/19 ip4:172.217.160.0/20 ip4:172.217.192.0/19 ip4:172.253.56.0/21 ip4:172.253.112.0/20 ip4:108.177.96.0/19 ip4:35.191.0.0/16 ip4:130.211.0.0/22 ~all"

You can parse these TXT records and use the resulting IP ranges for your firewall rules. Google does recommend that you update the rules once a month.
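
One way to do the parsing described in the answer above, as an added example (not code from the post): it extracts the ip4:/ip6: ranges from dig TXT output, rejects entries that do not validate, and diffs the result against the ranges already deployed so the monthly refresh also removes stale ones. The function names and the sample input are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: shortened lines from the dig output quoted above, plus one
# deliberately malformed entry (ip4:999.1.1.0/24) to exercise validation.
SAMPLE_DIG_OUTPUT = """\
_netblocks.google.com.  3599 IN TXT "v=spf1 ip4:35.190.247.0/24 ip4:64.233.160.0/19 ~all"
_netblocks2.google.com. 3599 IN TXT "v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ~all"
_netblocks3.google.com. 3599 IN TXT "v=spf1 ip4:172.217.0.0/19 ip4:172.217.32.0/20 ip4:999.1.1.0/24 ~all"
"""

# Matches the ip4:/ip6: mechanisms of an SPF record and captures the CIDR value.
SPF_IP = re.compile(r"\bip([46]):([0-9A-Fa-f:.]+(?:/\d{1,3})?)")


def parse_spf_networks(text):
    """Return (networks, rejected) from the ip4:/ip6: mechanisms in SPF TXT text."""
    networks, rejected = set(), []
    for version, value in SPF_IP.findall(text):
        try:
            net = ipaddress.ip_network(value, strict=True)
        except ValueError:
            rejected.append(value)  # never pass unparseable input to a firewall
            continue
        if net.version != int(version):
            rejected.append(value)  # ip4: holding an IPv6 range, or the reverse
            continue
        networks.add(net)
    # collapse_addresses accepts one IP version per call; it also drops duplicates
    result = []
    for ver in (4, 6):
        result += ipaddress.collapse_addresses(n for n in networks if n.version == ver)
    return result, rejected


def diff_rules(current, fetched):
    """Monthly refresh: (ranges to add, stale ranges to remove)."""
    cur, new = set(current), set(fetched)
    return sorted(new - cur, key=str), sorted(cur - new, key=str)


if __name__ == "__main__":
    nets, bad = parse_spf_networks(SAMPLE_DIG_OUTPUT)
    for n in nets:
        print(n)
    print("rejected:", bad)
```

Review the rejected list and the ranges marked for removal before changing any rule; a refresh that only adds ranges leaves the allowlist wider than intended.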