Fix non working nginx security rules (#1933)
This commit is contained in:
Maxime Besson
parent
ed345329ec
commit
77ca026b09
|
|
@ -5,6 +5,11 @@
|
|||
# ~/CN=(?<CN>[^/]+) $CN;
|
||||
#}
|
||||
|
||||
# FastCGI backend definition
|
||||
upstream llng_portal_upstream {
|
||||
server unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;
|
||||
}
|
||||
|
||||
server {
|
||||
listen __PORT__;
|
||||
server_name auth.__DNSDOMAIN__;
|
||||
|
|
@ -30,7 +35,7 @@ server {
|
|||
|
||||
# FastCGI configuration
|
||||
include /etc/nginx/fastcgi_params;
|
||||
fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;
|
||||
fastcgi_pass llng_portal_upstream;
|
||||
fastcgi_param LLTYPE psgi;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
|
||||
|
|
@ -47,6 +52,30 @@ server {
|
|||
# Uncomment this if you use Auth SSL:
|
||||
#uwsgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;
|
||||
|
||||
# REST/SOAP functions for sessions management (disabled by default)
|
||||
location ~ ^/index.psgi/adminSessions {
|
||||
fastcgi_pass llng_portal_upstream;
|
||||
deny all;
|
||||
}
|
||||
|
||||
# REST/SOAP functions for sessions access (disabled by default)
|
||||
location ~ ^/index.psgi/sessions {
|
||||
fastcgi_pass llng_portal_upstream;
|
||||
deny all;
|
||||
}
|
||||
|
||||
# REST/SOAP functions for configuration access (disabled by default)
|
||||
location ~ ^/index.psgi/config {
|
||||
fastcgi_pass llng_portal_upstream;
|
||||
deny all;
|
||||
}
|
||||
|
||||
# REST/SOAP functions for notification insertion (disabled by default)
|
||||
location ~ ^/index.psgi/notification {
|
||||
fastcgi_pass llng_portal_upstream;
|
||||
deny all;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
index index.psgi;
|
||||
|
|
@ -61,26 +90,6 @@ server {
|
|||
alias __PORTALSTATICDIR__;
|
||||
}
|
||||
|
||||
# REST/SOAP functions for sessions management (disabled by default)
|
||||
location /index.psgi/adminSessions {
|
||||
deny all;
|
||||
}
|
||||
|
||||
# REST/SOAP functions for sessions access (disabled by default)
|
||||
location /index.psgi/sessions {
|
||||
deny all;
|
||||
}
|
||||
|
||||
# REST/SOAP functions for configuration access (disabled by default)
|
||||
location /index.psgi/config {
|
||||
deny all;
|
||||
}
|
||||
|
||||
# REST/SOAP functions for notification insertion (disabled by default)
|
||||
location /index.psgi/notification {
|
||||
deny all;
|
||||
}
|
||||
|
||||
# DEBIAN
|
||||
# If install was made with USEDEBIANLIBS (official releases), uncomment this
|
||||
#location /javascript/ {
|
||||
|
|
|
|||
Loading…
Reference in New Issue