Thanks for the additional information Stuart. After a bit of Googling, the
most comprehensive version of the documentation for the predicate language
appears to be here:
I'll note that Google really tends to favor the older, but less complete
versions of that page such as this one:
You may want to look into some SEO tricks to get Google to index the most
recent version so it's easier to find. That said, for the life of me, I
can't find any docs at all that talk about the *status(404)* bit you
showed. Where is that covered?
Did you perhaps mean this: *response-code(302)*
Also, on the note of your docs, you have a handful of old pull requests for
typos and such over here:
I added one to the list. Please review and merge those :)
Thanks!
~Brad
*Developer Advocate*
*Ortus Solutions, Corp *
E-mail: brad(a)coldbox.org
ColdBox Platform:
On Wed, Aug 15, 2018 at 7:05 PM Stuart Douglas <sdouglas(a)redhat.com> wrote:
On Sat, Aug 11, 2018 at 1:25 AM Brad Wood <bdw429s(a)gmail.com> wrote:
>> It depends a bit on what you want to do.
>
>
> Thanks for the reply Stuart. Honestly, I'm just brainstorming a little
> here to see what's possible but I just couldn't find any docs or examples
> to help solidify what was out there. My primary use for this as I
> explained just now in a separate reply is to be able to add some security
> rules to CommandBox servers to do things such as:
>
> - Block access to CF admins in the root (such as paths starting with
> */CFIDE*)
> - Block access to special files in any directory such as *box.json*,
> *server.json*, or *.cfconfig.json*
> - Block access to hidden files in any directory (starting with a
> period )
> - Block access to custom folders defined by the user such as */tests/*
> or */workbench*
>
> I'm thinking a bit how the IIS "hidden segments" feature works. In
> addition to using this behind the scenes in CommandBox, I'd like to expose
> it to my users in the *server.json
> <https://commandbox.ortusbooks.com/embedded-server/server.json>* so they
> can configure basic access control. I generally don't expose 100% of what
> Undertow does since CommandBox aims to be a drop-in dead-easy way to just
> fire up a server, but I'm interested in the IP matching since that could be
> a common use case. i.e., "Block access to the administrator unless the IP
> is in this range or localhost"
>
> So basically, yes, I'm interested in all of those things and I don't have
> a super specific solution in mind, but I'm rather just looking for some
> better examples to help me understand what's there and what I can best
> expose in CommandBox.
>
>> Basically you just use a predicate to decide what you want to restrict,
>> and then map it to a handler that either rejects the request outright or
>> performs an access control check.
>
>
> This makes sense and I think the predicate part was what I was missing,
> but are there examples of this anywhere? It helps me way more to see some
> code.
>
>
Most of the examples of this are in the test suite, e.g.
PredicatedHandlersTestCase. There is also a text based representation you
can use to configure this. e.g. to reject all box.json files:
path-suffix(/box.json) -> status(404).
Stuart
> Thanks!
>
> ~Brad
>
> *Developer Advocate*
> *Ortus Solutions, Corp *
>
> E-mail: brad(a)coldbox.org
> ColdBox Platform: http://www.coldbox.org
> Blog: http://www.codersrevolution.com
>
>
>
> On Fri, Aug 10, 2018 at 1:47 AM Stuart Douglas <sdouglas(a)redhat.com>
> wrote:
>
>> It depends a bit on what you want to do.
>>
>> If you just want to block /CFIDE you can just use a PredicateHandler,
>> with a PathPrefixPredicate, and if it matches use ResponseCodeHandler to
>> return the desired response code. You could combine it
>> with io.undertow.server.handlers.AccessControlListHandler
>> or io.undertow.server.handlers.IPAddressAccessControlHandler if you want to
>> limit the IP range.
>>
>> Basically you just use a predicate to decide what you want to restrict,
>> and then map it to a handler that either rejects the request outright or
>> performs an access control check.
>>
>> Stuart
>>
>>
>> On Fri, Aug 10, 2018 at 3:59 PM Brad Wood <bdw429s(a)gmail.com> wrote:
>>
>>> Anyone?
>>>
>>> Thanks!
>>>
>>> ~Brad
>>>
>>> *Developer Advocate*
>>> *Ortus Solutions, Corp *
>>>
>>> E-mail: brad(a)coldbox.org
>>> ColdBox Platform: http://www.coldbox.org
>>> Blog: http://www.codersrevolution.com
>>>
>>>
>>>
>>> On Sat, Aug 4, 2018 at 4:48 PM Brad Wood <bdw429s(a)gmail.com> wrote:
>>>
>>>> Hi, I'm looking for some examples of locking down access to certain
>>>> directories, similar to how IIS has "hidden segments". For instance, I'd
>>>> like all URLs starting with /CFIDE to be blocked, or perhaps only access to
>>>> a certain range of IPs
>>>>
>>>> I swear I had looked at some examples of this about a year ago, but
>>>> after quite a lot of Googling today I was coming up empty handed. I found
>>>> some basic information on the access control handlers, but couldn't find a
>>>> single example of using them.
>>>>
>>>> Thanks!
>>>>
>>>> ~Brad
>>>>
>>>> *Developer Advocate*
>>>> *Ortus Solutions, Corp *
>>>>
>>>> E-mail: brad(a)coldbox.org
>>>> ColdBox Platform: http://www.coldbox.org
>>>> Blog: http://www.codersrevolution.com
>>>>
>>
>>
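
The handler combination described in the thread (a predicate deciding what to restrict, mapped to either an outright rejection or an IP access check), wired together as an added example; this is not code from either participant or from the Undertow project. The application handler, the listener port and the 10.0.0.0/8 range are assumptions chosen for illustration.

```java
import io.undertow.Handlers;
import io.undertow.Undertow;
import io.undertow.predicate.Predicate;
import io.undertow.predicate.Predicates;
import io.undertow.server.HttpHandler;
import io.undertow.server.handlers.IPAddressAccessControlHandler;
import io.undertow.server.handlers.ResponseCodeHandler;

public class LockedDownServer {
    public static void main(String[] args) {
        // Stand-in for the real application (assumption for this example).
        HttpHandler app = exchange -> exchange.getResponseSender().send("app");

        // Special files that must never be served, whatever directory they are in.
        Predicate specialFiles = Predicates.or(
                Predicates.suffix("/box.json"),
                Predicates.suffix("/server.json"),
                Predicates.suffix("/.cfconfig.json"));

        // Admin paths: default-deny, then allow localhost and one range.
        // Peers that are not allowed are rejected before reaching the app.
        IPAddressAccessControlHandler adminAcl = Handlers.ipAccessControl(app, false)
                .addAllow("127.0.0.1")
                .addAllow("10.0.0.0/8"); // constructed sample range

        // Evaluation order: special files are rejected outright with 404;
        // /CFIDE goes through the IP check; everything else reaches the app.
        HttpHandler root = Handlers.predicate(
                specialFiles,
                ResponseCodeHandler.HANDLE_404,
                Handlers.predicate(Predicates.prefix("/CFIDE"), adminAcl, app));

        Undertow.builder()
                .addHttpListener(8080, "localhost") // assumed port and host
                .setHandler(root)
                .build()
                .start();
    }
}
```

When testing rules like these, request case variants such as /cfide as well if the files live on a case-insensitive file system, and confirm which address the server sees as the peer when it sits behind a proxy.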