Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] [Hudson] access to Hudson build configurations is public

I think I figured it out.  Our Apache <Location> tag was using:

<Location /hudson/*>

Which is incorrect.  It will match any file under /hudson, but not a subdirectory.

Try now -- you won't even be able to reach the URL without logging in:

Denis Roy wrote:
Oisin Hurley wrote:
Maybe the most lightweight action to take now is let apache
do the securing [1]?
We already have that in place, except we use LDAP, and we use SSL to protect your committer ids.

    SSLProxyEngine On
    ProxyPreserveHost on
    ProxyPass /hudson https://localhost:8443/hudson
    ProxyPassReverse /hudson https://localhost:8443/hudson

   <Location /hudson/>
      AuthType Basic
      AuthName "Eclipse Account"
      AuthBasicProvider ldap
      AuthLDAPURL ldap://ldapmaster:389/ou=people,dc=eclipse,dc=org
      Require ldap-group cn=callisto-dev,ou=group,dc=eclipse,dc=org

Any other ideas?

Denis Roy

_______________________________________________ cross-project-issues-dev mailing list cross-project-issues-dev@xxxxxxxxxxx

Denis Roy
Manager, IT Infrastructure
Eclipse Foundation, Inc. --
Office: 613.224.9461 x224 (Eastern time)
I'm going to EclipseCon 2009

Back to the top