OpenTreeOfLife / germinator

miscellaneous scripts and data for concerns that span more than one of the Open Tree code repositories: integration tests, system statistics, etc.
BSD 2-Clause "Simplified" License

Restrict http verbs #153

Closed kcranston closed 10 months ago

kcranston commented 4 years ago

First pass at config changes to restrict http verbs. Also changes tnrs from neo4j to otcetera. Needs review to confirm 1) correct ports for otc and 2) which methods require opening up POST.

Requires installation of mod_allowmethods module, if not already installed.

bredelings commented 4 years ago

I think that all methods in otcetera do POST and OPTIONS but not GET. So tnrs, taxonomy, and conflict would also need POST permission.

bredelings commented 4 years ago

Also maybe the part that redirects to ws_wrapper instead of taxomachine should be a separate commit. (Sorry if that is too nit-picky).

snacktavish commented 4 years ago

I'm going to spin up a new machine and test it!

snacktavish commented 4 years ago

Invalid command 'AllowMethods', perhaps misspelled or defined by a module not included in the server configuration
Action 'graceful' failed.
The Apache error log may have more information.

jimallman commented 4 years ago

Maybe you need mod_allowmethods running in apache? https://httpd.apache.org/docs/2.4/mod/mod_allowmethods.html

jimallman commented 4 years ago

See existing a2enmod commands here, probably can add this at the end.

EDIT to fix the link, durnit.

kcranston commented 4 years ago

Requires installation of mod_allowmethods module, if not already installed.

Yup - module probably not installed by default.

snacktavish commented 4 years ago

Ah right! No points will be awarded on reading comprehension for meeee. I'll try with proper installs shortly!

snacktavish commented 4 years ago

Deployed on ot54 - does successfully prevent top level post, but restrictions cause a bunch of other tests to fail. Continuing to dig into it, but updating here:

Estudies.tree_get.test_get_tree.v3: . Wrong status code. Expected 200. Got 403.
Efrontend.top.test_about.v3: . Wrong status code. Expected 200. Got 403.
Efrontend.top.test_references.v3: . Wrong status code. Expected 200. Got 403.
Efrontend.top.test_top.v3: . Wrong status code. Expected 200. Got 403.
Efrontend.top.test_curator.v3: . Wrong status code. Expected 200. Got 403.
Estudies.properties.test_properties.v3: . Wrong status code. Expected 200. Got 405.
Estudies.find_studies.test_find_by_curator.v3: . Wrong status code. Expected 200. Got 405.
Estudies.study_list.test_study_list.v3: . Wrong status code. Expected 200. Got 403.
Estudies.find_trees.test_find_by_ott_id.v3: . Wrong status code. Expected 200. Got 405.
Estudies.study_get.test_get_oldversion_nexml2json.v3: . Wrong status code. Expected 200. Got 403.
EEstudies.file_get.test_file.v3: . Wrong status code. Expected 200. Got 403.
studies.find_studies.test_find_all.v3: . Wrong status code. Expected 200. Got 405.
Estudies.find_studies.test_find_by_doi.v3: . Wrong status code. Expected 200. Got 405.
Estudies.study_get.test_404.v3: . Wrong status code. Expected 404. Got 403.
Estudies.study_get.test_get.v3: . Wrong status code. Expected 200. Got 403.
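
An added triage sketch for the test output above (not part of the thread or of the germinator code): it splits the failures by status code, since mod_allowmethods answers a disallowed verb with 405, while a 403 is produced by an access rule elsewhere in the configuration. It assumes the leading "E" characters are the test runner's progress markers fused onto the test names, and it uses a subset of the lines posted above as input.

```python
import re
from collections import defaultdict

# Subset of the failure lines posted in the comment above.
SAMPLE = """\
Estudies.tree_get.test_get_tree.v3: . Wrong status code. Expected 200. Got 403.
Efrontend.top.test_about.v3: . Wrong status code. Expected 200. Got 403.
Estudies.properties.test_properties.v3: . Wrong status code. Expected 200. Got 405.
EEstudies.file_get.test_file.v3: . Wrong status code. Expected 200. Got 403.
studies.find_studies.test_find_all.v3: . Wrong status code. Expected 200. Got 405.
Estudies.study_get.test_404.v3: . Wrong status code. Expected 404. Got 403.
"""

# Assumption: leading "E" characters are progress markers, not part of the name.
LINE_RE = re.compile(
    r"^E*(?P<test>[a-z_]+(?:\.\w+)+): \. Wrong status code\. "
    r"Expected (?P<want>\d{3})\. Got (?P<got>\d{3})\.$"
)

def parse(text):
    """Return (test, expected, got) tuples; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m["test"], int(m["want"]), int(m["got"])))
    return rows

def triage(text):
    """Group failing tests by the kind of rejection the status code points to."""
    buckets = defaultdict(list)
    for test, _want, got in parse(text):
        if got == 405:
            # Verb rejected: candidate for adding POST to AllowMethods.
            buckets["method_blocked"].append(test)
        elif got == 403:
            # Access denied: not the status AllowMethods emits, check other rules.
            buckets["access_denied"].append(test)
        else:
            buckets["other"].append(test)
    return dict(buckets)

def endpoints(tests):
    """Collapse test names to unique 'service.endpoint' prefixes."""
    return sorted({".".join(t.split(".")[:2]) for t in tests})

if __name__ == "__main__":
    for kind, tests in triage(SAMPLE).items():
        print(kind, endpoints(tests))
```

The `method_blocked` endpoints are the ones to compare against the list of services that need POST; the `access_denied` ones fail for a reason the verb list alone does not explain.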

mtholder commented 10 months ago

closing because we moved to ansible https://github.com/OpenTreeOfLife/ot-ansible/issues/39