Comments (6)
Hi @stuba,
It looks like currently the logic from #1361 is based on the allow_public_unauthenticated_access option. Please try updating your route configuration to set allow_public_unauthenticated_access instead of policy, something like this:
- name: Default route
  from: https://my_service.url
  to: http://nginx
  preserve_host_header: true
  allow_public_unauthenticated_access: true
from pomerium.
Surely this works. I do not know why I had understood this allow_public_unauthenticated_access is already deprecated in favour of new policy. Thank you for clarifying this!
from pomerium.
I agree we should update the logic to also work with PPL.
from pomerium.
Per Caleb: we could refactor this logic to move it to the authorizer service-- if we get a request for /robots.txt and the request is not authorized, we could directly return the "disallow" response. (This should avoid some of the complication of recognizing equivalent PPL policies.)
from pomerium.
The logic around robots.txt handling has been updated to happen in the authorize service so that any policy that allows access without requiring a login should behave the same.
The example route:
- name: Default route
  from: https://my_service.url
  to: http://nginx
  preserve_host_header: true
  policy:
    allow:
      and:
        - accept: true
Should forward requests to the backend. Whereas a route with an authorization policy should return
User-agent: *
Disallow: /
from pomerium.
Perfect, thanks!
from pomerium.
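The behaviour described in the last maintainer comment above, as a small Go model added here for illustration; it is not Pomerium's code. The `Route` type, the `X-Session` header check and the backend's robots.txt content are constructed assumptions.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// Route is a hypothetical model of a proxy route; Authorize stands in for the policy result.
type Route struct {
	Authorize func(*http.Request) bool
	Backend   http.Handler
}

const disallowAll = "User-agent: *\nDisallow: /\n"
const backendRobots = "User-agent: *\nAllow: /\n" // constructed backend content

// Handler keys the robots.txt decision on the authorization result, not on a config option.
func (rt Route) Handler() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch {
		case rt.Authorize(r):
			rt.Backend.ServeHTTP(w, r) // allowed without login: forward to the backend
		case r.URL.Path == "/robots.txt":
			w.Header().Set("Content-Type", "text/plain")
			io.WriteString(w, disallowAll) // not authorized: direct "disallow" response
		default:
			http.Error(w, "login required", http.StatusUnauthorized)
		}
	})
}

// Fetch sends an anonymous GET through the route and returns status code and body.
func Fetch(rt Route, path string) (int, string) {
	rec := httptest.NewRecorder()
	rt.Handler().ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code, rec.Body.String()
}

var backend = http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { io.WriteString(w, backendRobots) })

// public models `accept: true`; protected models a policy needing a session (assumed header).
var public = Route{func(*http.Request) bool { return true }, backend}
var protected = Route{func(r *http.Request) bool { return r.Header.Get("X-Session") != "" }, backend}

func main() {
	fmt.Println(Fetch(public, "/robots.txt"))    // backend's own robots.txt
	fmt.Println(Fetch(protected, "/robots.txt")) // disallow-all response
}
```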