Disallowing public access to ISO uploads

I'm uploading ISO files to Vultr via the API. It's not problematic. The server hosts the ISO for a few minutes, waits for Vultr to finish downloading, and once it's confirmed that Vultr has the image, the server is destroyed.

However, during the time the image is being uploaded to Vultr, the ISO is available to the whole public. It is necessary to make the ISO public so that Vultr can access it. But this is not ideal.

Is there a better way to make the upload process more secure? Perhaps by providing Vultr's IP addresses that we can whitelist, allowing only Vultr to download the image but nobody else.

Comments

  • According to Vultr support, they told me they won't reveal the IP addresses due to "security reasons." Whatever that means.

    One way I thought of is to use HTTPS and generate a random password to embed into the URL. Then only Vultr will know of the URL and nobody else.

  • I guess there is also a chance Vultr might change their IP addresses without notice too. You could always disallow some IP ranges that are clearly outside of the region (e.g you could block all Russian, Chinese, etc. if you are in North America), this could slightly reduce the attack potential.

    But embedding a random one-time key in the URL is probably the best option, for the few minutes of existence it is unlikely that anyone could guess it.

This discussion has been closed.