Comments (2)
pglombardo
commented on June 18, 2024
Hi @assices - Having all shared links under a common share path would be nice but we don't have that today. But you should be still able to block on paths already.
BTW: Are you aware of:PWP__ALLOW_ANONYMOUS and PWP__DISABLE_SIGNUPS in the Configuration documentation? It's another way to limit access. Requires logins.
Here is the overly detailed list with HTTP methods to allow anonymous access to. It's slightly more complicated as well because of the locale support in URLs.
Text based pushes
- GET
/p/:id - DELETE
/p/:id(for "Allow users to delete this push once retrieved." option) - GET
/p/:id/r - GET
/p/:id/passphrase - POST
/p/:id/access - GET
/:locale/p/:id - DELETE
/:locale/p/:id(for "Allow users to delete this push once retrieved." option) - GET
/:locale/p/:id/r - GET
/:locale/p/:id/passphrase - POST
/:locale/p/:id/access
URL based pushes
- GET
/r/:id - DELETE
/r/:id(for "Allow users to delete this push once retrieved." option) - GET
/r/:id/r - GET
/r/:id/passphrase - POST
/r/:id/access - GET
/:locale/r/:id - DELETE
/:locale/r/:id(for "Allow users to delete this push once retrieved." option) - GET
/:locale/r/:id/r - GET
/:locale/r/:id/passphrase - POST
/:locale/r/:id/access
File based pushes
- GET
/f/:id - DELETE
/f/:id(for "Allow users to delete this push once retrieved." option) - GET
/f/:id/r - GET
/f/:id/passphrase - POST
/f/:id/access - GET
/:locale/f/:id - DELETE
/:locale/r/:id(for "Allow users to delete this push once retrieved." option) - GET
/:locale/f/:id/r - GET
/:locale/f/:id/passphrase - POST
/:locale/f/:id/access
It depends on what features you have enabled on your instance but general path rules somewhat like the following would work:
location /p/ {
allow all;
}
location /en/p/ {
allow all;
}If you want a raw dump of all routes of the application, from inside the Docker container run rails routes.
from passwordpusher.
assices
commented on June 18, 2024
Thanks Peter,
I think it's quite difficult to block shared links only by URL path without risking blocking other user management functions.
An example:
Shared link (public access)
https://pwpush.example.com/it/p/of7xq0slito7wgps8w
user management links (restricted access)
https://pwpush.example.com/it/p/of7xq0slito7wgps8w/anteprima
https://pwpush.example.com/it/p/of7xq0slito7wgps8w/controllo
https://pwpush.example.com/it/p/scaduto
https://pwpush.example.com/it/p/attivo
Anyway, I'll do some tests.
Yes, I evaluated PWP__ALLOW_ANONYMOUS and PWP__DISABLE_SIGNUPS options, but I would like leave both Anonynous and Signups enabled for company employees only.
Thanks again for informations.
Ciao, Andrea
from passwordpusher.
Related Issues (20)
- MySQL doesn't like a default value for TEXT fields (release 1.28.0) HOT 16
- Container XXXXXX didn't respond to HTTP pings on port: 5100, failing site start. See container logs for debugging HOT 8
- copy buttons not working anymore HOT 2
- no translations for Passphrase Lockdown feature HOT 2
- Changing default value in azure HOT 4
- Show hide Header and Footer completely HOT 2
- Allow applying custom CSS by using a url in head tag HOT 1
- FR: Anonymous File & URL Pushes HOT 1
- . HOT 5
- missing private.sqlite3 on pwpush-ephemeral container image HOT 4
- FR: Add option to disable (hide) password generator
- Disable some languages. HOT 3
- QR Code, for Created URL, in Preview Page HOT 3
- Kubernetes Pod replies "403 Forbiden" after a while HOT 5
- Increase Default Value for hourly throttling
- FR: Add option to show logo on preliminary page (1-click retrieval step)
- "Generate Password" creates wrong password length HOT 2
- Failing to start up container, exec format error HOT 5
- Emails are not sent in the locale that the user signed up with
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from passwordpusher.