search

amitt001 / pygmy

An open-source, feature rich & extensible url-shortener + analytics written in Python :cookie:
https://demo.pygy.co/pygmy
MIT License
703 stars 135 forks source link

Secure the homepage to prevent access from outside #28

Closed lukaalba closed 5 years ago

lukaalba commented 6 years ago

Hi, I don't want people from outside of my network using the url shortener to create own short urls. Is it possible to secure the mainpage AND make the urls for everyone available?

amitt001 commented 5 years ago

@lukaalba apologies for not getting back to you quicker.

There a couple of ways to achieve this. Listing some here

  1. IP whitelist on url patterns(like /shorten/*) through nginx. A google search returned this https://stackoverflow.com/questions/13917866/nginx-ip-whitelist
  2. Prevent public access to all the URLs except https:/// and only allow GET request through nginx
  3. Only allow the logged-in user to create shortened URL and disable register option from the main page (Simple and clean)

I prefer 3rd :)