Skip to content

Commit

Permalink
build: odkcentral whitelist local cidr ip services to avoid ModSec
Browse files Browse the repository at this point in the history
  • Loading branch information
@spwoodcock
spwoodcock committed Mar 5, 2025
1 parent bf77377 commit 1642cc4
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 0 deletions.
2 changes: 2 additions & 0 deletions compose.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,8 @@ x-proxy-env: &proxy-env # General
odkcentral_AUTO_REDIRECT_HTTP_TO_HTTPS: no
odkcentral_CUSTOM_SSL_CERT_DATA: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUI5RENDQVhtZ0F3SUJBZ0lVWXFyb0dWRVdsK204eU9OY2pUU2pCWThkckN3d0NnWUlLb1pJemowRUF3SXcKRlRFVE1CRUdBMVVFQXd3S2IyUnJZMlZ1ZEhKaGJEQWdGdzB5TkRBM01qTXhNakF6TVRWYUdBOHlNVEkwTURZeQpPVEV5TURNeE5Wb3dGVEVUTUJFR0ExVUVBd3dLYjJSclkyVnVkSEpoYkRCMk1CQUdCeXFHU000OUFnRUdCU3VCCkJBQWlBMklBQktSZmpOQVFzWUI0ekNXckdETHdKNEVIRDRTNW5rL1Z3aG00TmYwN203c0RTai9RTzlYK0JnNjIKeWlMbWVzT1ZMRExHRklpZXZ2aHIrZkxNY0YwUDQwN0FWKytER1o5bXZ6VmNwMVdZMlE5NllpTVVuelM3MWx0RQo4K3BXbFBmanRLT0JoekNCaERBZEJnTlZIUTRFRmdRVWNVekZsNUpWN1dUM045VUhxbmhSRHlWT3ZjY3dId1lEClZSMGpCQmd3Rm9BVWNVekZsNUpWN1dUM045VUhxbmhSRHlWT3ZjY3dEd1lEVlIwVEFRSC9CQVV3QXdFQi96QXgKQmdOVkhSRUVLakFvZ2dwdlpHdGpaVzUwY21Gc2doUXFMbTlrYXk1bWJYUnRMbXh2WTJGc2FHOXpkSWNFQ2hRZQpNakFLQmdncWhrak9QUVFEQWdOcEFEQm1BakVBb2xuOGRubmlQN0dKSEJPQW4rTHVCV0ZhaUY1NHFZRmpTYyt1Clpia1cwY1pyNWw2VnZ6WVlBdGdWbUtOdTB5WWRBakVBMWlvT2JRTERYdDV3S1JPWjV5VUtmbys2T21IbTV1NWkKQU5LUHd2MExqc2ZIYk5hbzJMWnduK0VxTjNtdUpPNXEKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
odkcentral_CUSTOM_SSL_KEY_DATA: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JRzJBZ0VBTUJBR0J5cUdTTTQ5QWdFR0JTdUJCQUFpQklHZU1JR2JBZ0VCQkRCc21pQjBmUU5hR1VobEdpWnMKNks1YVo1K1hUOVM1cFdlWkhZc05SVXRlK2FRZ1hIK0pTSmpwRnFqRnNLN21abldoWkFOaUFBU2tYNHpRRUxHQQplTXdscXhneThDZUJCdytFdVo1UDFjSVp1RFg5TzV1N0Ewby8wRHZWL2dZT3Rzb2k1bnJEbFN3eXhoU0lucjc0CmEvbnl6SEJkRCtOT3dGZnZneG1mWnI4MVhLZFZtTmtQZW1JakZKODB1OVpiUlBQcVZwVDM0N1E9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
# Avoid running ModSec rules on calls to ODK Central from API
odkcentral_WHITELIST_IP: 10.20.30.0/24

services:
proxy:
Expand Down
2 changes: 2 additions & 0 deletions deploy/compose.development.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,8 @@ x-proxy-env: &proxy-env # General
# buffer requests, but not responses, so streaming out works
odk.dev.fmtm.hotosm.org_REVERSE_PROXY_BUFFERING: no
odk.dev.fmtm.hotosm.org_MAX_CLIENT_SIZE: 500m
# Avoid running ModSec rules on calls to ODK Central from API
odk.dev.fmtm.hotosm.org_WHITELIST_IP: 10.20.30.0/24

services:
proxy:
Expand Down
2 changes: 2 additions & 0 deletions deploy/compose.staging.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,8 @@ x-proxy-env: &proxy-env # General
# buffer requests, but not responses, so streaming out works
odk.stage.fmtm.hotosm.org_REVERSE_PROXY_BUFFERING: no
odk.stage.fmtm.hotosm.org_MAX_CLIENT_SIZE: 500m
# Avoid running ModSec rules on calls to ODK Central from API
odk.stage.fmtm.hotosm.org_WHITELIST_IP: 10.20.30.0/24

services:
proxy:
Expand Down

0 comments on commit 1642cc4

Please sign in to comment.