You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since we are using Fastly for some of our hosts, we should white-list that only Fastly is allowed to access Apache. The list of Fastly IP blocks is https://api.fastly.com/public-ip-list. If the IP is not in this list, they should not be allowed access to domains we are hosting through Fastly.
We should add a set of Allow constraints to the Apache configuration for the following domains:
These constraints should be updated every day using a cron job. @ranguard says they update this only every few months or so, so a nightly rebuild should be fine.
We could use iptables to white-list, but that will only work if we serve all content through Fastly, which we currently do not.
The text was updated successfully, but these errors were encountered:
Since we are using Fastly for some of our hosts, we should white-list that only Fastly is allowed to access Apache. The list of Fastly IP blocks is https://api.fastly.com/public-ip-list. If the IP is not in this list, they should not be allowed access to domains we are hosting through Fastly.
We should add a set of
Allowconstraints to the Apache configuration for the following domains:These constraints should be updated every day using a cron job. @ranguard says they update this only every few months or so, so a nightly rebuild should be fine.
We could use
iptablesto white-list, but that will only work if we serve all content through Fastly, which we currently do not.The text was updated successfully, but these errors were encountered: