<div dir="ltr">Hi Stuart, did you see my notes about the unmerged pulls, the status(xxx) call and the question about basic auth being part of the predicate language?<div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div></div><div>Thanks!</div><div><br></div><div>~Brad</div><div><br></div><div><b>Developer Advocate</b></div><div><i>Ortus Solutions, Corp </i></div><div><b><br></b></div><div>E-mail: <a href="mailto:brad@coldbox.org" target="_blank">brad@coldbox.org</a></div><div>ColdBox Platform: <a href="http://www.coldbox.org" target="_blank">http://www.coldbox.org</a> </div><div>Blog: <a href="http://www.codersrevolution.com" target="_blank">http://www.codersrevolution.com</a></div><div><br></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Aug 16, 2018 at 1:30 PM Brad Wood <<a href="mailto:bdw429s@gmail.com">bdw429s@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Is the basic auth handler part of the predicate language? I didn't see it in the docs so I wanted to see if there was a way to have a textual representation of that. <div><br clear="all"><div><div dir="ltr" class="m_7346420918360506068gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div></div><div>Thanks!</div><div><br></div><div>~Brad</div><div><br></div><div><b>Developer Advocate</b></div><div><i>Ortus Solutions, Corp </i></div><div><b><br></b></div><div>E-mail: <a href="mailto:brad@coldbox.org" target="_blank">brad@coldbox.org</a></div><div>ColdBox Platform: <a href="http://www.coldbox.org" target="_blank">http://www.coldbox.org</a> </div><div>Blog: <a href="http://www.codersrevolution.com" target="_blank">http://www.codersrevolution.com</a></div><div><br></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Aug 16, 2018 at 1:06 PM Brad Wood <<a href="mailto:bdw429s@gmail.com" target="_blank">bdw429s@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks for the additional information Stuart. After a bit of Googling, the most comprehensive version of the documentation for the predicate language appears to be here: <div><br></div><div><a href="https://github.com/undertow-io/undertow-docs/blob/master/src/main/asciidoc/predicates-attributes-handlers.asciidoc" target="_blank">https://github.com/undertow-io/undertow-docs/blob/master/src/main/asciidoc/predicates-attributes-handlers.asciidoc</a><br></div><div><br></div><div>I'll note that Google really tends to favor the older, but less complete versions of that page such as this one:</div><div><br></div><div><div><a href="http://undertow.io/undertow-docs/undertow-docs-1.2.0/predicates-attributes-handlers.html" target="_blank">http://undertow.io/undertow-docs/undertow-docs-1.2.0/predicates-attributes-handlers.html</a><br></div></div><div><br></div><div>You may want to look into some SEO tricks to get Google to index the most recent version so it's easier to find. That said, for the life of me, I can't find any docs at all that talk about the <b>status(404)</b> bit you showed. Where is that covered? </div><div><br></div><div>Did you perhaps mean this: <b>response-code(302)</b></div><div><br></div><div>Also, on the note of your docs, you have a handful of old pull requests for typos and such over here:</div><div><a href="https://github.com/undertow-io/undertow-docs/pulls" target="_blank">https://github.com/undertow-io/undertow-docs/pulls</a><br></div><div>I added one to the list. Please review and merge those :)</div><div><br clear="all"><div><div dir="ltr" class="m_7346420918360506068m_-8701447724821894703gmail_signature"><div dir="ltr"><div><div dir="ltr"><div></div><div>Thanks!</div><div><br></div><div>~Brad</div><div><br></div><div><b>Developer Advocate</b></div><div><i>Ortus Solutions, Corp </i></div><div><b><br></b></div><div>E-mail: <a href="mailto:brad@coldbox.org" target="_blank">brad@coldbox.org</a></div><div>ColdBox Platform: <a href="http://www.coldbox.org" target="_blank">http://www.coldbox.org</a> </div><div>Blog: <a href="http://www.codersrevolution.com" target="_blank">http://www.codersrevolution.com</a></div><div><br></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Aug 15, 2018 at 7:05 PM Stuart Douglas <<a href="mailto:sdouglas@redhat.com" target="_blank">sdouglas@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><br><div class="gmail_quote"><div dir="ltr">On Sat, Aug 11, 2018 at 1:25 AM Brad Wood <<a href="mailto:bdw429s@gmail.com" target="_blank">bdw429s@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">It depenends a bit on what you want to do. </blockquote><div> </div><div>Thanks for the reply Stuart. Honestly, I'm just brainstorming a little here to see what's possible but I just couldn't find any docs or examples to help solidify what was out in there. My primary use for this as I explained just now in a separate reply is to be able to add some security rules to CommandBox servers to do things such as:</div><div><div><ul><li>Block access to CF admins in the root (such as paths starting with <b>/CFIDE</b>)<br></li><li>Block access to special files in any directory such as <b>box.json</b>, <b>server.json</b>, or <b>.cfconfig.json</b><br></li><li>Block access to hidden files in any directory (starting with a period )<br></li><li>Block access to custom folders defined by the user such as <b>/tests/</b> or <b>/workbench</b><br></li></ul></div></div><div>I'm thinking a bit how the IIS "hidden segments" feature works. In addition to using this behind the scenes in CommandBox, I'd like to expose it to my users in the <b><a href="https://commandbox.ortusbooks.com/embedded-server/server.json" target="_blank">server.json</a></b> so they can configure basic access control. I generally don't expose 100% of what Undertow does since CommandBox aims to be a drop-in dead-easy way to just fire up a server, but I'm interested in the IP matching since that could be a common use case. i.e., "Block access to the administrator unless the IP is in this range or localhost"</div><div><br></div><div>So basically, yes, I'm interested in all of those things and I don't have a super specific solution in mind, but I'm rather just looking for some better examples to help me understand what's there and what I can best expose in CommandBox.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Basically you just use a predicate to decide what you want to restrict, and then map it to a handler that either rejects the request outright or performs an access control check.</blockquote><div><br></div><div>This makes sense and I think the predicate part was what I was missing, but are there examples of this anywhere? It helps me way more to see some code.</div><div><br clear="all"></div></div></blockquote><div><br></div><div>Most of the examples of this are in the test suite, e.g. PredicatedHandlersTestCase. There is also a text based representation you can use to configure this. e.g. to reject all box.json files: path-suffix(/box.json) -> status(404). </div><div><br></div><div>Stuart</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div dir="ltr" class="m_7346420918360506068m_-8701447724821894703m_-6340840129704592493m_3828390413330250795gmail_signature"><div dir="ltr"><div><div dir="ltr"><div></div><div>Thanks!</div><div><br></div><div>~Brad</div><div><br></div><div><b>Developer Advocate</b></div><div><i>Ortus Solutions, Corp </i></div><div><b><br></b></div><div>E-mail: <a href="mailto:brad@coldbox.org" target="_blank">brad@coldbox.org</a></div><div>ColdBox Platform: <a href="http://www.coldbox.org" target="_blank">http://www.coldbox.org</a> </div><div>Blog: <a href="http://www.codersrevolution.com" target="_blank">http://www.codersrevolution.com</a></div><div><br></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, Aug 10, 2018 at 1:47 AM Stuart Douglas <<a href="mailto:sdouglas@redhat.com" target="_blank">sdouglas@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">It depenends a bit on what you want to do. <div><br></div><div>If you just want to block /CFIDE you can just use a PredicateHandler, with a PathPrefixPredicate, and if it matches use ResponseCodeHandler to return the desired response code. You could combine it with io.undertow.server.handlers.AccessControlListHandler or io.undertow.server.handlers.IPAddressAccessControlHandler if you want to limit the IP range.</div><div><br></div><div>Basically you just use a predicate to decide what you want to restrict, and then map it to a handler that either rejects the request outright or performs an access control check.</div><div><br></div><div>Stuart</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, Aug 10, 2018 at 3:59 PM Brad Wood <<a href="mailto:bdw429s@gmail.com" target="_blank">bdw429s@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Anyone?<div><br clear="all"><div><div dir="ltr" class="m_7346420918360506068m_-8701447724821894703m_-6340840129704592493m_3828390413330250795m_1542722024784640920m_-2787770043905024582gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div></div><div>Thanks!</div><div><br></div><div>~Brad</div><div><br></div><div><b>Developer Advocate</b></div><div><i>Ortus Solutions, Corp </i></div><div><b><br></b></div><div>E-mail: <a href="mailto:brad@coldbox.org" target="_blank">brad@coldbox.org</a></div><div>ColdBox Platform: <a href="http://www.coldbox.org" target="_blank">http://www.coldbox.org</a> </div><div>Blog: <a href="http://www.codersrevolution.com" target="_blank">http://www.codersrevolution.com</a></div><div><br></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Sat, Aug 4, 2018 at 4:48 PM Brad Wood <<a href="mailto:bdw429s@gmail.com" target="_blank">bdw429s@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi, I'm looking for some examples of locking down access to certain directories, similar to how IIS has "hidden segments". For instance, I'd like all URLs starting with /CFIDE to be blocked, or perhaps only access to a certain range of IPs<div><br></div><div>I swear I had looked at some examples of this about a year ago, but after quite a lot of Googling today I was coming up empty handed. I found some basic information on the access control handlers, but couldn't find a single example of using them.<br><div><br clear="all"><div><div dir="ltr" class="m_7346420918360506068m_-8701447724821894703m_-6340840129704592493m_3828390413330250795m_1542722024784640920m_-2787770043905024582m_-2335512961308348239gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div></div><div>Thanks!</div><div><br></div><div>~Brad</div><div><br></div><div><b>Developer Advocate</b></div><div><i>Ortus Solutions, Corp </i></div><div><b><br></b></div><div>E-mail: <a href="mailto:brad@coldbox.org" target="_blank">brad@coldbox.org</a></div><div>ColdBox Platform: <a href="http://www.coldbox.org" target="_blank">http://www.coldbox.org</a> </div><div>Blog: <a href="http://www.codersrevolution.com" target="_blank">http://www.codersrevolution.com</a></div><div><br></div></div></div></div></div></div></div></div></div>
</blockquote></div>
_______________________________________________<br>
undertow-dev mailing list<br>
<a href="mailto:undertow-dev@lists.jboss.org" target="_blank">undertow-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/undertow-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/undertow-dev</a></blockquote></div>
</blockquote></div>
</blockquote></div></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>