Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[functionapp] Disable unnecessary endpoints in Linux Consumption #52

Merged
merged 13 commits into from
Jun 13, 2019
Merged

[functionapp] Disable unnecessary endpoints in Linux Consumption #52

merged 13 commits into from
Jun 13, 2019

Conversation

Hazhzeng
Copy link
Contributor

@Hazhzeng Hazhzeng commented Jun 7, 2019

Background

In Linux Consumption, we only allow three sets of endpoint

  1. /admin/instance/assign & /admin/instance/info
  2. /deployments/
  3. /api/zipdeploy

Besides that, we should seal up all other endpoints with a MiddleWare.

Solution

Implement LinuxConsumptionRouteMiddleware.cs allows a list of route prefixes to access the instance.
Activate LinuxConsumptionRouteMiddleware only when KuduLite is running in SeaBreeze containers.

Code Review Request

@balag0 @sanchitmehta

@Hazhzeng Hazhzeng mentioned this pull request Jun 7, 2019
Closed
Block zipdeploy endpoints from Linux Consumption access from IP address
1a0beb7 
Apply authorization on Deployment Logs
Change authorization on the Controller level
Initialize Authorization after environment injection
@Hazhzeng Hazhzeng mentioned this pull request Jun 7, 2019
Closed
@sanchitmehta sanchitmehta merged commit 6608e88 into Azure-App-Service:dev Jun 13, 2019
@Hazhzeng Hazhzeng deleted the hazeng-pr8-disableapis branch July 9, 2020 18:45
Hazhzeng pushed a commit to Hazhzeng/KuduLite that referenced this pull request Jul 20, 2021
@sanchitmehta
[functionapp] Disable unnecessary endpoints in Linux Consumption (Azu…
fe0dcf3 
…re-App-Service#52)

* Filter routes for Linux Consumption KuduLite

* Block zipdeploy endpoints from Linux Consumption access from IP address
Apply authorization on Deployment Logs
Change authorization on the Controller level
Initialize Authorization after environment injection

* Handle Request header disguise in middleware

* Merge authentication and authorization logic in middleware

* Add unit tests for authentication

* Reorder using statements

* Clean up using directives

* Remove parallelzation for environment variable unit tests

* Debug Request Not Found issue

* Reorder LinuxConsumptionRouteMiddleware

* Sanitize SCM Url with Regex if DISGUISED-HOST is not presented

* Remove debug console log

* Enable stub homepage for linux consumption
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sanchitmehta sanchitmehta sanchitmehta approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Hazhzeng @sanchitmehta