[taler-docs] branch master updated: factor status-code-remapping text in
From: gnunet
Subject: [taler-docs] branch master updated: factor status-code-remapping text into new subsection "Status code remapping"
Date: Wed, 11 Aug 2021 15:17:48 +0200
This is an automated email from the git hooks/post-receive script.
ttn pushed a commit to branch master
in repository docs.
The following commit(s) were added to refs/heads/master by this push:
new ceaccf2 factor status-code-remapping text into new subsection "Status
code remapping"
ceaccf2 is described below
commit ceaccf20d8e4ba8e64fda43cc40d9bd873f81633
Author: Thien-Thi Nguyen <ttn@gnuvola.org>
AuthorDate: Wed Aug 11 09:16:04 2021 -0400
factor status-code-remapping text into new subsection "Status code
remapping"
- Add front para re instance existence leak and its usefulness.
- Move status code names from 2nd para to 1st.
---
taler-merchant-manual.rst | 42 +++++++++++++++++++++++++-----------------
1 file changed, 25 insertions(+), 17 deletions(-)
diff --git a/taler-merchant-manual.rst b/taler-merchant-manual.rst
index d9f3ddd..52082b3 100644
--- a/taler-merchant-manual.rst
+++ b/taler-merchant-manual.rst
@@ -926,14 +926,6 @@ have TLS configured. Leave out the last line if your
Nginx reverse proxy does
not have HTTPS enabled. Make sure to restart the ``taler-merchant-httpd``
process after changing the ``SERVE`` configuration.
-For higher security (by leaking less information), you can add to the
configuration:
-
-.. code-block:: nginx
-
- error_page 404 =403 /empty.gif;
-
-This remaps all 404 response codes (Not found) to 403 (Forbidden).
-
Apache
^^^^^^
@@ -960,15 +952,6 @@ Note that the above again assumes your domain name is
``example.com`` and that
you have TLS configured. Note that you must add the ``https`` header unless
your site is not available via TLS.
-For higher security (by leaking less information), you can add to the
configuration:
-
-.. code-block:: apacheconf
-
- cond %{STATUS} =404
- set-status 403
-
-This remaps all 404 response codes (Not found) to 403 (Forbidden).
-
The above configurations are both incomplete. You must still additionally
set up access control!
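Review bot: With the remap paragraphs removed here and in the Nginx hunk above, neither reverse-proxy section points to the remap fragment any more. The retained sentence "The above configurations are both incomplete. You must still additionally set up access control!" is a natural place for a cross-reference to the new "Status code remapping" subsection, so that someone following the proxy setup still finds the hardening step.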
@@ -1120,6 +1103,31 @@ restrict access to the internal API to authorized
clients.
System administrators are strongly advised to test their access control
setup before going into production!
+Status code remapping
+---------------------
+
+Normal API usage leaks instance existence information.
+Distinguishing between 404 (Not found) and 403 (Forbidden)
+is useful for diagnostics.
+
+For higher security (by leaking less information),
+you can add the following fragment,
+which remaps all 404 response codes to 403.
+
+Nginx
+^^^^^
+
+.. code-block:: nginx
+
+ error_page 404 =403 /empty.gif;
+
+Apache
+^^^^^^
+.. code-block:: apacheconf
+
+ cond %{STATUS} =404
+ set-status 403
+
Customization
=============
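Review bot: The fragments under the new "Nginx" and "Apache" headings are now separated from the proxy configurations they used to follow, and the lead-in "you can add the following fragment" does not say where to add them. It should name the reverse-proxy configuration from the earlier sections, and note that the Nginx line refers to ``/empty.gif``, which the visible text does not define. The second paragraph could also state the cost the first one implies: once every 404 becomes 403, the diagnostic distinction is gone for legitimate clients too. Style: the Apache subsection has no blank line between the ``^^^^^^`` underline and ``.. code-block:: apacheconf``, while the Nginx subsection has one. The file also already has an "Apache" heading with the same underline (visible as context in the first hunk), so the repeated title gives duplicate implicit target names and makes a by-title reference to "Apache" ambiguous.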
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.