CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

connect

Browse Source
This commit is contained in:
Jason Ertel
2024-11-11 11:56:19 -05:00
parent 57a9992a3d
commit d4ed34d0ea
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/nginx/etc/nginx.conf
View File

@@ -235,7 +235,7 @@ http {
location /connect/ { location /connect/ {
if ($http_authorization !~ "Bearer .*") { if ($http_authorization !~ "Bearer .*") {
return 403; return 401;
} }
rewrite /connect/(.*) /api/$1 break; rewrite /connect/(.*) /api/$1 break;
proxy_pass http://{{ GLOBALS.manager }}:9822/; proxy_pass http://{{ GLOBALS.manager }}:9822/;
@@ -360,6 +360,9 @@ http {
error_page 429 = @error429; error_page 429 = @error429;
location @error401 { location @error401 {
if ($request_uri ~* (^/connect/.*|^/oauth2/.*)) {
return 401;
}
if ($request_uri ~* ^/(?!(^/api/.*))) { if ($request_uri ~* ^/(?!(^/api/.*))) {
add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400"; add_header Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
} }
@@ -367,6 +370,9 @@ http {
} }
location @error403 { location @error403 {
if ($request_uri ~* (^/connect/.*|^/oauth2/.*)) {
return 403;
}
add_header Set-Cookie "ory_kratos_session=;Path=/;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;"; add_header Set-Cookie "ory_kratos_session=;Path=/;Max-Age=0;expires=Thu, 01 Jan 1970 00:00:00 GMT;";
return 302 /auth/self-service/login/browser; return 302 /auth/self-service/login/browser;
} }