OpenConext / OpenConext-deploy

Ansible-based deployment automation for the OpenConext platform
Apache License 2.0

Haproxy: Protect /internal path #359

Closed quartje closed 3 years ago

quartje commented 3 years ago

This change allows protecting all paths behind the loadbalancer that start with /internal/ for access only from an IP allowlist. This will be used to protect backend APIs like the deprovision API, or the API in Teams for the SPdashboard that have been secured with HTTP basic authentication only. The default is to allow access from anywhere; additional documentation will be added to the wiki to make sure first-time deployers understand how to secure their OpenConext installation.

thijskh commented 3 years ago

And then we change monitor bundle to expose /internal/health and /internal/info?

quartje commented 3 years ago

> And then we change monitor bundle to expose /internal/health and /internal/info?

Seems like we have the opportunity now to do so, so I'd say we do that.
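
The kind of rule the pull request description refers to, written out as an added HAProxy sketch: it is not the OpenConext-deploy template, and the frontend and backend names, the file paths and the sample networks are assumptions. It shows the open default from the description beside a restricted allowlist.

```haproxy
# Added example, not the project's own configuration.
# Hypothetical frontend and backend names; placeholder paths and addresses.
frontend openconext_https
    bind :443 ssl crt /etc/haproxy/certs/

    # Literal, case-sensitive prefix match on the request path.
    acl internal_path path_beg /internal/

    # Source networks allowed to reach /internal/, one CIDR per line.
    acl internal_allowed src -f /etc/haproxy/acls/internal_allowlist.lst

    # Refuse anything under /internal/ unless the client is on the list.
    # All other paths are unaffected by this rule.
    http-request deny deny_status 403 if internal_path !internal_allowed

    default_backend openconext_apps

backend openconext_apps
    server app1 127.0.0.1:8080 check

# Contents of /etc/haproxy/acls/internal_allowlist.lst
#
# Open default, as described in the pull request (access from anywhere):
#   0.0.0.0/0
#   ::/0
#
# Restricted deployment (constructed documentation ranges, replace with
# the management or monitoring networks that need the backend APIs):
#   192.0.2.0/24
#   2001:db8:10::/48
```

`src` is the address of the TCP peer as HAProxy sees it, so the list has to contain the addresses that actually connect to the loadbalancer. With the open default in place, HTTP basic authentication remains the only control on the /internal/ APIs.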