[ECODP-dev] URLS to be blocked by the cache

Bastiaan Deblieck bastiaan.deblieck at tenforce.com
Thu Dec 20 14:35:20 UTC 2012

Thanks. Communicated the proposed solution to PO.


On Wed, Dec 19, 2012 at 4:55 PM, Darwin Peltan <darwin.peltan at okfn.org>wrote:

> As discussed in our session today please see below a link to a document
> with the URLS which the commission should be blocking at the cache level.
> https://docs.google.com/document/d/19ldeunN3UQG_UTK2F7zplWV6Rjdo1ZdGaLfk_KjQhOU/edit
> These URLS address
> * Access to the user functions of the API from outside the network
> * Restricting access to user list and user reset
> It is essential that these URLS are blocked externally now that NGINX has
> been removed.
> The EC also asked about limiting the number of Brute Force requests that
> people can make on the login form. As previously advised this would be best
> limited in the caching layer.
> Hopefully this resolves all the security issues raised by the commission.

Bastiaan Deblieck
Semantic Technology Business Unit Manager

T: +32 16 31 48 60
M:+32 475 95 49 32
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.okfn.org/mailman/private/ecodp-dev/attachments/20121220/1d5d0e5f/attachment.html>

More information about the ecodp-dev mailing list