User story #2322: Forbid access to URL /api/* for any hosts safe localhost - Rudder - Issue Tracker

Actions

Copy link

User story #2322

closed

Forbid access to URL /api/* for any hosts safe localhost

Added by François ARMAND over 12 years ago. Updated over 9 years ago.

Status:

Released

Priority:

1 (highest)

Assignee:

Matthieu CERDA

Category:

Packaging

Target version:

2.4.0~alpha6

Pull Request:

UX impact:

Suggestion strength:

User visibility:

Effort required:

Name check:

Fix check:

Regression:

Description

In Rudder, URL under /api/* are REST api that allows to do a lot of thing but do not require authentication if rudder-web.properties property rudder.rest.allowNonAuthenticatedUser is set to true (default).

But we want to allow access to these URL only from localhost.

=> change Apache configuration to forbid that !

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries

User story #2322

Forbid access to URL /api/* for any hosts safe localhost

Updated by Matthieu CERDA over 12 years ago

Updated by Jonathan CLARKE over 12 years ago

Updated by Jonathan CLARKE over 12 years ago

Updated by Nicolas PERRON almost 12 years ago

Updated by Benoît PECCATTE over 9 years ago