-
Notifications
You must be signed in to change notification settings - Fork 46
MK8S-25: Disable HTTP directory listing for RPM repository #4651
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: development/131.0
Are you sure you want to change the base?
MK8S-25: Disable HTTP directory listing for RPM repository #4651
Conversation
Hello rdebay-scality,My role is to assist you with the merge of this Available options
Available commands
Status report is not available. |
Request integration branchesWaiting for integration branch creation to be requested by the user. To request integration branches, please comment on this pull request with the following command:
Alternatively, the |
9f7f5e0
to
1825521
Compare
3bb0469
to
852d918
Compare
targets.extend( | ||
[ | ||
# Repository-level saltenv structure | ||
saltenv_dir / "index.html", | ||
saltenv_dir / "redhat" / "index.html", | ||
saltenv_dir / "redhat" / str(self._releasever) / "index.html", | ||
# Top-level saltenv (for health check) | ||
top_saltenv_dir / "index.html", | ||
] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This creation should be factorized.
25dbb07
to
191132f
Compare
Security fix to prevent exposing repository structure on port 8080. - Changed autoindex from on to off in nginx configuration. - Use nginx location directives to return 200 for health checks instead of index files This maintains the original health check functionality while preventing directory structure exposure. The nginx location = / and location = /saltenv/ directives handle health check requests with 200 status, while location / handles all other requests with autoindex off for security. The nginx.conf.j2 template uses the archives variable to generate location directives for each saltenv, but the variable wasn't being passed in the template context. This caused Salt unit tests to fail. The creation of index.html files was tried but it creates a chicken and egg issue during the container startup when the files were not present. Plus this approach is much more simple, no code, not so much salt, only plain configuration. Related: RD-680
09e715b
to
5ff8f6e
Compare
Security fix to prevent exposing repository structure on port 8080. Changed autoindex from on to off in nginx configuration.
Related: RD-680