| From: | Célestin Matte <celestin(dot)matte(at)cmatte(dot)me> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | pgsql-www(at)lists(dot)postgresql(dot)org |
| Subject: | Re: [PATCH] pgarchives: Add host option for pglister_sync |
| Date: | 2025-01-23 20:36:38 |
| Message-ID: | 3abe6993-f899-4262-b0aa-e05da44861e2@cmatte.me |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
> What "localhost whitelst" are you referring to here?
I set up http auth and disable it in the virtualhost for localhost:
<Location />
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
Require local
</Location>
(This is what I called "whitelisting localhost")
> As for the patch, it seems like a really bad idea to silently turn off https validation when you specify a hostname. Surely those are completely independent things?
urllib will display a warning if you use a Host header different from the URL
> I honestly don't understand your described workload... Is your goal to have http auth on all URLs except the /api/archive/<name>/lists/ endpoint from localhost? Surely that's a matter of apache config rather than patching the client?
I want to have http auth for everyone except localhost.
I may not have chosen the best way to do that. Do you see a better way to handle this?
> And if you just want to change the hostname, can't you just edit the URL?
No because I have several domains on localhost. Apache needs to somehow (with the Host header) know which one is wanted.
As specified, I also had a problem with these frequent localhost requests being resolved externally.
--
Célestin Matte
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Yoshiyuki Osamura | 2025-01-25 08:07:39 | Wiki editor request |
| Previous Message | Jelte Fennema-Nio | 2025-01-23 20:27:43 | commitfest app: New process discussion & request for reviews |