Hi,
I want to add some security header to the request -http://:5005. I have set up an Apache reverse proxy at port 9090, now I can access the page http://:9090 and I can see Hello from Rasa page.
Now I would like to prevent direct access for http://:5005. Kindly suggest! Also sharing curl responses for clarity.
curl -i http://localhost:9090 HTTP/1.1 200 OK Date: Thu, 31 Oct 2019 16:53:46 GMT Server: Apache X-Frame-Option: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=63072000; includeSubDomains Content-Security-Policy: default-src https: data: ‘unsafe-inline’ ‘unsafe-eval’ Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Content-Length: 22 Content-Type: text/plain; charset=utf-8
Hello from Rasa: 1.4.3
curl -i http://localhost:5005 HTTP/1.1 200 OK Connection: keep-alive Keep-Alive: 5 Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Content-Length: 22 Content-Type: text/plain; charset=utf-8
Hello from Rasa: 1.4.3
This response I want it to be 404 as we see for the action server request below:
curl -i http://localhost:5055 HTTP/1.1 404 NOT FOUND Content-Type: text/html Content-Length: 232 Date: Thu, 31 Oct 2019 16:53:31 GMT
404 Not FoundNot Found
The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.
--------------------------------Either we need to prevent 5005 direct http access as it needs to get passed through 9090 proxy configuration where I have configured the required security headers or is there a way to add the security headers directly without configuring a reverse proxy. Kindly help.
RASA version: 1.4.3
Thank You.
Regards, Arunabh