Proposal: Opt-in Public Url Subset

Summary

In order to limit possible security vulnerabilities, we will expose a single URL subspace outside the VPC; all other URLs will be accessible only from inside the VPC.

Details

At the hosting layer (AWS VPC), requests from outside the VPC to any URL not under the /public prefix will return a 404. This will be enabled by default on all new IDAs, and will be rolled out to existing IDAs as teams have the bandwidth to adjust their URLs.

In order to make Open edX deployment easier, IDAs should continue to apply correct authentication and authorization to all URLs.
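
The prefix rule above, written out as an added Python example that is not part of the proposal or of any edX code: it decides whether an external request path falls under /public after decoding and normalizing it, so that look-alike paths such as /publicity or /public/../admin still get the 404. The function names and the `external` flag are assumptions; the proposal does not say how the hosting layer identifies outside traffic.

```python
import posixpath
from urllib.parse import unquote

PUBLIC_PREFIX = "/public"  # prefix named in the proposal


def is_public_path(raw_path: str) -> bool:
    """True only if the path resolves to /public or something below it."""
    path = unquote(raw_path.split("?", 1)[0])  # drop query, decode once
    # Refuse anything still encoded after one pass (double encoding), plus
    # characters a backend might reinterpret as separators or terminators.
    if unquote(path) != path or "\\" in path or "\x00" in path:
        return False
    if not path.startswith("/"):
        return False
    # Resolve "." and ".." segments before comparing, so the decision is
    # made on the resolved path rather than on the literal request string.
    normalized = posixpath.normpath(path)
    # Match on a segment boundary: "/publicity" must not pass as "/public".
    return normalized == PUBLIC_PREFIX or normalized.startswith(PUBLIC_PREFIX + "/")


def edge_decision(raw_path: str, external: bool):
    """Return 404 for an external request outside /public, else None (forward).

    `external` is a hypothetical flag standing in for however the hosting
    layer tells outside-VPC traffic from inside-VPC traffic.
    """
    if external and not is_public_path(raw_path):
        return 404
    return None


# Constructed sample paths, usable as a test matrix for the real edge rule.
SAMPLE_PATHS = [
    "/public/catalog?page=2",
    "/public/",
    "/publicity",
    "/public/../admin",
    "/public/%2e%2e/admin",
    "/public/%252e%252e/admin",
    "/admin/users",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p!r:32} external -> {edge_decision(p, True) or 'forward'}")
```

Requests from inside the VPC are forwarded regardless of path, which is why each IDA still needs its own authentication and authorization on every URL.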
