User story #2322
closed
Forbid access to URL /api/* for any host except localhost
Added by François ARMAND about 12 years ago.
Updated about 9 years ago.
Description
In Rudder, URLs under /api/* are REST APIs that allow doing a lot of things but do not require authentication if the rudder-web.properties property rudder.rest.allowNonAuthenticatedUser is set to true (default).
But we want to allow access to these URLs only from localhost.
=> change the Apache configuration to forbid that!
- Status changed from 2 to Pending technical review
- % Done changed from 0 to 100
- Status changed from Pending technical review to 10
- Status changed from 10 to Released
- Assignee changed from Jonathan CLARKE to Matthieu CERDA
Validating this functional review, even though this solution is less good than desired: we really should have an authentication system for the API tied in with Rudder's auth system. For now, you have to rely on Apache as a proxy to manage access to the API from other machines than localhost.
- Project changed from Rudder to 34
- Category deleted (11)
- Project changed from 34 to Rudder
- Category set to Packaging
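
The restriction this ticket asks for, sketched as an added example; it is not part of the original ticket and is not Rudder's shipped configuration. It assumes Apache fronts the web application as a reverse proxy and that the API is exposed under /api as the description states (adjust the path if the application is served under a context prefix).

```apache
# Added example: limit the unauthenticated REST API to local callers.
# Assumption: the API path is /api, as written in the ticket.

# Apache 2.4 (mod_authz_core + mod_authz_host)
<Location "/api">
    # "Require local" accepts 127.0.0.0/8, ::1, and connections whose
    # client and server addresses are identical; everything else gets 403.
    Require local
</Location>

# Apache 2.2 equivalent (mod_authz_host), kept commented out so the
# file loads on 2.4 without mod_access_compat:
# <Location "/api">
#     Order deny,allow
#     Deny from all
#     Allow from 127.0.0.1 ::1
# </Location>
```

The rule is evaluated on the client address Apache sees, so if mod_remoteip is enabled, only trusted proxies should be allowed to set that address. Because the application behind the proxy sees every proxied request as coming from the proxy host, the check has to live in Apache rather than in the backend.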