CanastaWiki / Canasta

MediaWiki Docker image for Canasta, an all-in-one MediaWiki stack for easy deployment and management of enterprise-ready MediaWiki on production environments.
https://www.canasta.wiki
MIT License

Enable /status and /ping for php-fpm #396

Open naresh-kumar-babu opened 2 months ago

naresh-kumar-babu commented 2 months ago

Partial fix for #388

jeffw16 commented 2 months ago

Is this accessible to the general public? Or is it an internal route?

yaronkoren commented 2 months ago

I'm guessing it's open to the public... but does it matter?

jeffw16 commented 2 months ago

In theory, only synthetic monitors should have access to heartbeat endpoints, not the general public. It's best to find a way to prevent bad actors from being able to access this endpoint.

yaronkoren commented 2 months ago

@vedmaka or @pastakhov - any thoughts on this? This came from your code. Is enabling /status and /ping a potential security issue, and if so, how can it be resolved?

jeffw16 commented 4 weeks ago

I withdraw my concern as it seems like it's working just fine for WikiTeq over the past several months. We should ideally add an option for a firewall for these endpoints in the future. I'll go ahead and give my approval.

jeffw16 commented 4 weeks ago

After discussion at the last meeting, we decided we should hold off on this until we have some clarity about adding a firewall if needed. Rescinding my approval for now. Sorry :(