CLE-Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

restricting non-GET requests to resultsdb to qa network

Browse source
This commit is contained in:
Tim Flink 2014-06-25 18:03:09 +00:00
parent 32e2d0f324
commit 3e4a477540
2 changed files with 6 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
inventory/group_vars/resultsdb-stg
View file

@ -24,5 +24,5 @@ resultsdb_db_port: 5432
resultsdb_endpoint: '/resultsdb' resultsdb_endpoint: '/resultsdb'
resultsdb_fe_endpoint: '/' resultsdb_fe_endpoint: '/'
resultsdb_db_name: resultsdb resultsdb_db_name: resultsdb
allowed_hosts:
tcp_ports: [ 80, 443 ] - 10.5.124

5
roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2
View file

@ -13,7 +13,10 @@ WSGISocketPrefix run/wsgi
WSGIScriptReloading On WSGIScriptReloading On
<IfModule mod_authz_core.c> <IfModule mod_authz_core.c>
# Apache 2.4 # Apache 2.4
Require all granted <RequireAny>
Require method GET
Require ip 127.0.0.1 ::1{% for host in allowed_hosts %} {{ host }}{% endfor %}
</RequireAny>
</IfModule> </IfModule>
<IfModule !mod_auth_core.c> <IfModule !mod_auth_core.c>
Order allow,deny Order allow,deny