Interface with Ops Security Infrastructure

[jrconlin]

Ensure the app can operate and communicate with the proposed Ops security infrastructure.

This should include:

• [x] Standardized error logging for infractions
• [ ] Process SecOps provided Header correctly (rejecting invalid requests if appropriate)

[jrconlin]

As of 29-Oct: the iprepd is still a work in progress, and no header has yet been defined. See https://github.com/ajvb/iprepd-nginx/pull/1.

Once #46 has landed, I will move this issue to blocked until the headers are ready.

[vladikoff]

from mtg: still waiting for Process SecOps provided Header correctly, https://github.com/mozilla-services/iprepd-nginx/pull/1 was merged, waiting for follow up (maybe deploy?)

[jrconlin]

@jbuck It looks like the iprepd-nginx patch landed, but I'm not sure what the header name is that I should be looking at. Looking over the code, I don't believe that there would be one. It appears that iprepd makes the call about a given IP, and blocks before the app sees it. Does that sound correct? (In that case, we can close this issue.)

[ajvb]

@vladikoff @jrconlin As you said, the initial version just supports having nginx block the IP based on iprepd's response. There isn't anything but the proposed headers in it, but I have an issue open ( https://github.com/mozilla-services/iprepd-nginx/issues/10 ) to support injecting headers instead of blocking the request, specifically for this use-case. Will be working on this soon.

Feel free to ping me with any questions/comment about this

[jrconlin]

thanks @ajvb! For now, I'm going to close this bug since I don't believe this is really blocking Channel Server deployment right now. As that feature lands and becomes useful, I'll reopen a ticket here to use it.