search

AtlasOfLivingAustralia / image-service

Image repository and tiling services
https://images.ala.org.au
0 stars 17 forks source link

Require authentication or apikey for scheduleArtifactGeneration #41

Closed ansell closed 5 years ago

ansell commented 5 years ago

Some admin commands are being called by crawler bots, which implies that they don't have authentication or apikeys restricting access. In this case, the target is /ws/scheduleArtifactGeneration

==> /var/log/tomcat7/catalina.out <==
Index Image 229250751: 2 ms
Index Image 229250751: 1 ms
2018-11-02 10:59:39,223 [http-bio-8080-exec-17549] INFO  images.LogService  - Username: N/A IP: 150.229.66.12 Session: F0ACE69B5C8C22296F007E5E6F0D3C75 UA: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) URI: /grails/webService/scheduleArtifactGeneration.dispatch

==> /var/log/apache2/images.ala.org.au.ssl_access.log <==
66.249.79.252 - - [02/Nov/2018:10:59:39 +1100] "GET /ws/scheduleArtifactGeneration/5b6de1d6-7f86-4080-9f2f-b924cc2adc87 HTTP/1.1" 200 6419 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
djtfmartin commented 5 years ago

this is done in grails3 version so i've closed the issue for now (we've no . plans to fix on grails2)