restricting non-GET requests to resultsdb to qa network

2014-06-25 18:03:09 +00:00 · 2014-06-25 18:03:09 +00:00 · 3e4a477540
commit 3e4a477540
parent 32e2d0f324
2 changed files with 6 additions and 3 deletions
--- a/inventory/group_vars/resultsdb-stg
+++ b/inventory/group_vars/resultsdb-stg
@ -24,5 +24,5 @@ resultsdb_db_port: 5432
 resultsdb_endpoint: '/resultsdb'
 resultsdb_fe_endpoint: '/'
 resultsdb_db_name: resultsdb
-
-tcp_ports: [ 80, 443 ]
+allowed_hosts:
+    - 10.5.124
--- a/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2
+++ b/roles/taskotron/resultsdb-backend/templates/resultsdb.conf.j2
@ -13,7 +13,10 @@ WSGISocketPrefix run/wsgi
    WSGIScriptReloading On
    <IfModule mod_authz_core.c>
        # Apache 2.4
-        Require all granted
+        <RequireAny>
+            Require method GET
+            Require ip 127.0.0.1 ::1{% for host in allowed_hosts %} {{ host }}{% endfor %}
+        </RequireAny>
    </IfModule>
    <IfModule !mod_auth_core.c>
        Order allow,deny