Consider an ACL configuration to limit who has access to the 'pages-status' URI
Summary
The readiness endpoint is configurable by setting pages-status to something; on .com, for example, it is /-/readiness. Unfortunately, this ends up as a publicly accessible endpoint for whoever may not be placing a rule at the front door to prevent access. It is not commonly good practice to leave this type of endpoint accessible via the wider Internet. Consider adding an Access Control List that provides a list of trusted IPs that are allowed to utilize this customizable endpoint.
This was originally discussed here: gitlab-org/charts/gitlab#2447 (closed)
I've opened an Infrastructure issue to address this for .com here: https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/14058
Edited by Jaime Martinez
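One way the proposed ACL could work, shown as an added example that is not GitLab Pages code and not part of the original issue: a Go middleware that answers the configured status path only for peers inside a trusted CIDR list. The names statusACL and peerTrusted, the sample ranges and the listen address are assumptions made for illustration.

```go
package main

import (
	"log"
	"net/http"
	"net/netip"
)

// peerTrusted checks the TCP peer address only. X-Forwarded-For is ignored
// because the client controls it; behind a proxy, enforce the ACL there.
func peerTrusted(remoteAddr string, trusted []netip.Prefix) bool {
	ap, err := netip.ParseAddrPort(remoteAddr)
	if err != nil {
		return false // fail closed on anything unparseable
	}
	for _, p := range trusted {
		if p.Contains(ap.Addr().Unmap()) { // Unmap: ::ffff:a.b.c.d counts as IPv4
			return true
		}
	}
	return false
}

// statusACL (hypothetical name, not GitLab Pages code) guards statusPath only.
func statusACL(statusPath string, cidrs []string, next http.Handler) (http.Handler, error) {
	var trusted []netip.Prefix
	for _, c := range cidrs {
		p, err := netip.ParsePrefix(c)
		if err != nil {
			return nil, err // a typo in the list stops startup
		}
		trusted = append(trusted, p.Masked())
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path == statusPath && !peerTrusted(r.RemoteAddr, trusted) {
			http.NotFound(w, r) // same answer as for a path that does not exist
			return
		}
		next.ServeHTTP(w, r)
	}), nil
}

func main() {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.Write([]byte("ok\n")) })
	h, err := statusACL("/-/readiness", []string{"10.0.0.0/8", "127.0.0.1/32"}, ok) // constructed ranges
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", h))
}
```

The path comparison here is an exact match, so it has to agree with how the real status handler matches its path; any normalisation the handler applies must happen before the ACL check.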