Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

caddy: reject access to hidden file and lug admin API #14

Closed
skyzh opened this issue Nov 5, 2020 · 3 comments · Fixed by #32
Closed

caddy: reject access to hidden file and lug admin API #14

skyzh opened this issue Nov 5, 2020 · 3 comments · Fixed by #32
Assignees
@BugenZhao

Comments

@skyzh
Copy link
Member

skyzh commented Nov 5, 2020
edited
Loading 

:80 {
	@hidden {
		path */.*
	}
	encode gzip
	respond @hidden 403
	reverse_proxy /lug/* siyuan-lug:7001 {
		header_down Access-Control-Allow-Origin *
		header_down Access-Control-Request-Method GET
	}
	# TODO: block access to lug admin API /lug/v1/admin/*
	file_server /ubuntu/* browse {
		root /srv
	}
	file_server /* {
		root /dists
	}
}
@skyzh skyzh changed the title caddy: reject access to hidden file caddy: reject access to hidden file and lug admin API Nov 5, 2020
@BugenZhao
Copy link
Member

Seems like we need to add @hidden fields to all http-only sites as well?

@skyzh
Copy link
Member Author

skyzh commented Nov 6, 2020

Seems like we need to add @hidden fields to all http-only sites as well?

Yes

@BugenZhao
Copy link
Member

Working on it in #32.

@BugenZhao BugenZhao linked a pull request Nov 7, 2020 that will close this issue
caddy-gen: reject access to hidden files and lug admin API #32
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@BugenZhao BugenZhao

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

caddy-gen: reject access to hidden files and lug admin API sjtug/mirror-docker-unified
2 participants
@skyzh @BugenZhao