Remote server firewall filtering

We have a site that needs to connect to a remote server via cURL. That remote server’s security policy is that it needs to be able to identify our Pantheon site and only let traffic in coming from that site.

They’d like to filter based upon IP address, but PEG is cost prohibitive.

We thought we’d be able to filter based on FQDN but apparently traffic looks like it is coming from a the domain name. That’s not tight enough.

Validating against the Let’s Encrypt cert? That expires at least 4 times a year and no telling when. Also, the LE certs are signed by them, not the client.

A legacy certificate? I’m told that’s as expensive as PEG.

Any creative solutions given our constraints? Thanks.