mozmeao / ee-infra-jenkins

Ansible playbook to install JenkinsCI. Used by Engagement Engineering

Add path-based blacklists #7

Closed claudijd closed 8 years ago

claudijd commented 8 years ago

@jgmize this is a stub for how we might restrict access to certain sensitive paths in Jenkins such that they are only accessible on the loopback (or for tunneled users). If there are paths that you think no one will ever need to visit, like say ./script, we could just make those a solid deny and limit some exposure of admin A from learning admin B's credentials.

jgmize commented 8 years ago

Thanks @claudijd, I've applied this to the config on ci.us-west.moz.works. cc @glogiotatidis

claudijd commented 8 years ago

I did a bit of testing and it looks to have the desired effect.

Thanks for the quick review and deploy!

glogiotatidis commented 8 years ago

Blocking api and script breaks the BedrockPipelineView

Example of blocked requests:

claudijd commented 8 years ago

@glogiotatidis @jgmize I made a small adjustment to the matcher for the nginx blacklist in #8. I believe this change will prevent it from wild-carding on paths not found on the root, which are causing the problems you mention above.

claudijd commented 8 years ago

Looks like both paths have been restored to normal :)
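
The kind of matcher problem discussed in this thread, as an added example that is not the ee-infra-jenkins configuration (the actual matcher is not shown on this page). It assumes a regex `location` in front of a Jenkins instance on `127.0.0.1:8080`; the hostname and port are placeholders.

```nginx
# Constructed example; not the project's own nginx config.
# Assumption: Jenkins listens on 127.0.0.1:8080 behind this server block.
server {
    listen 80;
    server_name jenkins.example.com;   # placeholder hostname

    # Too broad: the regex is unanchored, so it matches "/script" or "/api"
    # anywhere in the URI. Nested API endpoints such as
    # /view/<name>/api/json, which dashboard views request, get denied too.
    #
    # location ~ /(script|api) {
    #     allow 127.0.0.1;
    #     deny  all;
    #     proxy_pass http://127.0.0.1:8080;
    # }

    # Anchored: matches only /script and /api at the root of the site
    # (and anything beneath them). /scripts, /apidocs and
    # /view/<name>/api/json fall through to "location /" below.
    location ~ ^/(script|api)(/|$) {
        allow 127.0.0.1;   # loopback, where SSH-tunneled users arrive
        deny  all;         # all other clients receive 403
        proxy_pass http://127.0.0.1:8080;
    }

    # Everything else is proxied without the restriction.
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}
```

After a change like this, request one root-level path and one nested path from a non-loopback client and confirm the first returns 403 while the second still loads.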