Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] [Hudson] access to Hudson build configurations is public
I think I figured it out.  Our Apache <Location> tag was using:

<Location /hudson/*>

Which is incorrect.  It will match any file under /hudson, but not a subdirectory.

Try now -- you won't even be able to reach the URL without logging in:
https://build.eclipse.org/hudson/job/stp.sca-tools.trunk/



Denis Roy wrote:
Oisin Hurley wrote: 
Maybe the most lightweight action to take now is let apache
do the securing [1]?
We already have that in place, except we use LDAP, and we use SSL to protect your committer ids.

    SSLProxyEngine On
    ProxyPreserveHost on
    ProxyPass /hudson https://localhost:8443/hudson
    ProxyPassReverse /hudson https://localhost:8443/hudson

   <Location /hudson/>
      AuthType Basic
      AuthName "Eclipse Account"
      AuthBasicProvider ldap
      AuthLDAPURL ldap://ldapmaster:389/ou=people,dc=eclipse,dc=org
      Require ldap-group cn=callisto-dev,ou=group,dc=eclipse,dc=org
   </Location>


Any other ideas?

--
Denis Roy


_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev

--
Denis Roy
Manager, IT Infrastructure
Eclipse Foundation, Inc. -- http://www.eclipse.org/
Office: 613.224.9461 x224 (Eastern time)
denis.roy@xxxxxxxxxxx
I'm going to EclipseCon 2009

Back to the top