Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

nginx: Limit access to internal endpoints, to localhost.

This commit is contained in:
Alex Vandiver 2024-09-17 01:58:17 +00:00 committed by Tim Abbott
parent 5bc4d39c25
commit c34913b4d7
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
puppet/zulip/files/nginx/zulip-include-frontend/app
View File

@ -102,6 +102,16 @@ location /user_uploads {
include uwsgi_params; include uwsgi_params;
} }
location /api/internal/ {
# These only need be accessed from localhost
allow 127.0.0.1;
allow ::1;
deny all;
include /etc/nginx/zulip-include/api_headers;
include uwsgi_params;
}
# Send all API routes not covered above to Django via uWSGI # Send all API routes not covered above to Django via uWSGI
location /api/ { location /api/ {
include /etc/nginx/zulip-include/api_headers; include /etc/nginx/zulip-include/api_headers;