[ECODP-dev] URLS to be blocked by the cache
darwin.peltan at okfn.org
Wed Dec 19 15:55:17 UTC 2012
As discussed in our session today please see below a link to a document
with the URLS which the commission should be blocking at the cache level.
These URLS address
* Access to the user functions of the API from outside the network
* Restricting access to user list and user reset
It is essential that these URLS are blocked externally now that NGINX has
The EC also asked about limiting the number of Brute Force requests that
people can make on the login form. As previously advised this would be best
limited in the caching layer.
Hopefully this resolves all the security issues raised by the commission.
The Open Knowledge Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ecodp-dev