Closed KasperBrandt closed 8 years ago
We just need to make sure we don't block partners that have set up a host like projects.partner.org for the RSR page.
I have to say that I can't really remember how this works but I was under the impression (without having thought about it) that we need to allow "everything" into RSR.
I've just seen we also have *.akvoapp.org as a valid server name
@kardan Those do not exist currently. Plus, we get an error message for those as well:
Invalid HTTP_HOST header: 'dutchforeignaffairs_ice.akvoapp.org'. The domain name provided is not valid according to RFC 1034/1035.
Request repr():
<WSGIRequest
path:/robots.txt,
GET:<QueryDict: {}>,
POST:<QueryDict: {}>,
COOKIES:{},
META:{'HTTP_ACCEPT': '*/*',
'HTTP_ACCEPT_ENCODING': 'gzip',
'HTTP_ACCEPT_LANGUAGE': 'zh-cn,zh-tw',
'HTTP_CONNECTION': 'close',
'HTTP_HOST': 'dutchforeignaffairs_ice.akvoapp.org',
'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2',
'HTTP_X_FORWARDED_FOR': '123.125.71.76',
'HTTP_X_REAL_IP': '123.125.71.76',
'PATH_INFO': u'/robots.txt',
'QUERY_STRING': '',
'RAW_URI': '/robots.txt',
'REMOTE_ADDR': '123.125.71.76',
'REMOTE_PORT': '80',
'REQUEST_METHOD': 'GET',
'SCRIPT_NAME': u'',
'SERVER_NAME': 'dutchforeignaffairs_ice.akvoapp.org',
'SERVER_PORT': '80',
'SERVER_PROTOCOL': 'HTTP/1.0',
'SERVER_SOFTWARE': 'gunicorn/18.0',
'gunicorn.socket': <socket._socketobject object at 0x10b2e9f0>,
'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f0432184270>,
'wsgi.file_wrapper': <class gunicorn.http.wsgi.FileWrapper at 0x7f042f2b5d50>,
'wsgi.input': <gunicorn.http.body.Body object at 0x2006dad0>,
'wsgi.multiprocess': True,
'wsgi.multithread': False,
'wsgi.run_once': False,
'wsgi.url_scheme': 'http',
'wsgi.version': (1, 0)}>
So... should we remove _ and *.akvoapp.org server names?
FWIW, I'm not sure what we should do.
@kardan At least disallow _ in any RSR hostname :)
@kardan @KasperBrandt ok, I'm going to remove _ server names and reconfigure nginx accordingly
Applied to all environments :dancers:
See https://github.com/akvo/akvo-provisioning/blob/master/puppet/modules/rsr/manifests/config.pp#L18.
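The Host check discussed in this thread, as an added example (not code from the RSR project or from Django): a simplified, stdlib-only approximation of a two-stage check, syntax first and allow-list second. The function names and the `ALLOWED` list are assumptions constructed for illustration.

```python
import re

# Hostname syntax: letters, digits, dots and hyphens only (or a bracketed
# IPv6 literal), with an optional port. An underscore never matches.
HOST_RE = re.compile(r"^([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9.:]+\])(:[0-9]+)?$")

# Constructed allow-list: a leading dot means "this domain and its subdomains".
ALLOWED = [".akvoapp.org", "projects.partner.org"]


def split_host(host):
    """Return (domain, port), or ('', '') when the header is not valid syntax."""
    match = HOST_RE.match(host.lower())
    if not match:
        return "", ""
    domain = match.group(1).rstrip(".")  # tolerate a trailing root dot
    port = (match.group(2) or "")[1:]
    return domain, port


def pattern_matches(domain, pattern):
    """Match one allow-list entry: '*', '.suffix' or an exact host name."""
    pattern = pattern.lower()
    if pattern == "*":
        return True
    if pattern.startswith("."):
        return domain == pattern[1:] or domain.endswith(pattern)
    return domain == pattern


def check_host(host, allowed=ALLOWED):
    """Classify a Host header as 'invalid-syntax', 'allowed' or 'not-allowed'."""
    domain, _port = split_host(host)
    if not domain:
        # The syntax check runs before the allow-list, so even a
        # wildcard entry cannot admit a name containing '_'.
        return "invalid-syntax"
    if any(pattern_matches(domain, p) for p in allowed):
        return "allowed"
    return "not-allowed"


if __name__ == "__main__":
    for h in ("dutchforeignaffairs_ice.akvoapp.org", "projects.partner.org",
              "rsr.akvoapp.org:80", "unknown.example"):
        print(h, "->", check_host(h))
```

Because the syntax stage rejects the underscore name regardless of the allow-list, a catch-all server name at the proxy only forwards requests that the application then refuses and logs.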
Background information (from email):