Commit Graph

33 Commits (a1f00e454899d8c35fd152188523bb5a2fa54795)

Author SHA1 Message Date
Michael Zalimeni d9206fc7e2
[NET-1151 NET-11228] security: Add request normalization and header match options to prevent L7 intentions bypass (#21816)
mesh: add options for HTTP incoming request normalization

Expose global mesh configuration to enforce inbound HTTP request
normalization on mesh traffic via Envoy xDS config.

mesh: enable inbound URL path normalization by default

mesh: add support for L7 header match contains and ignore_case

Enable partial string and case-insensitive matching in L7 intentions
header match rules.

ui: support L7 header match contains and ignore_case

Co-authored-by: Phil Renaud <phil@riotindustries.com>

test: add request normalization integration bats tests

Add both "positive" and "negative" test suites, showing normalization in
action as well as expected results when it is not enabled, for the same
set of test cases.

Also add some alternative service container test helpers for verifying
raw HTTP request paths, which is difficult to do with Fortio.

docs: update security and reference docs for L7 intentions bypass prevention

- Update security docs with best practices for service intentions
  configuration
- Update configuration entry references for mesh and intentions to
  reflect new values and add guidance on usage
2024-10-16 12:23:33 -04:00
Jeff Boruszak 5f129ad5b2
docs: Fix heading errors in security models (#21227)
fixes
2024-05-28 09:54:38 -07:00
Blake Covarrubias fbc2b93bc4
docs: Rename Consul OSS to Consul CE (#19009)
Rename references of Consul OSS to Consul Community Edition (CE).

Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2023-09-27 09:31:28 -07:00
Blake Covarrubias 5d0edec01f
docs: Replace unicode quotes with ASCII quotes (#18950)
Replaces unicode quotation marks with ASCII quotation marks.

For code examples, this fixes HCL decoding errors that would otherwise
be raised when attempting to read the file.
2023-09-21 15:17:14 -07:00
Fulvio f4b08040fd
Add verify server hostname to tls default (#17155) 2023-07-10 10:34:41 -05:00
Jared Kirschner 166d7a39e8
docs: consistently name Consul service mesh (#17222)
Remove outdated usage of "Consul Connect" instead of Consul service mesh.

The connect subsystem in Consul provides Consul's service mesh capabilities.
However, the term "Consul Connect" should not be used as an alternative to
the name "Consul service mesh".
2023-05-05 13:41:40 -04:00
Ashlee M Boyer 6e425f7428
docs: Migrate link formats (#15976)
* Adding check-legacy-links-format workflow

* Adding test-link-rewrites workflow

* Updating docs-content-check-legacy-links-format hash

* Migrating links to new format

Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-25 08:52:43 -08:00
boruszak f797d128c7 Spacing and title fixes 2022-09-16 10:28:32 -05:00
boruszak 0e042654dc Merge 'main' into docs/search-metadata-headers 2022-09-15 15:34:36 -05:00
Jeff Boruszak 0dba086cdb
Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-09-15 12:10:20 -05:00
Bryce Kalow 85c1a33c42
website: content updates for developer (#14419)
Co-authored-by: Ashlee Boyer <ashlee.boyer@hashicorp.com>
Co-authored-by: Ashlee M Boyer <43934258+ashleemboyer@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
Co-authored-by: HashiBot <62622282+hashibot-web@users.noreply.github.com>
Co-authored-by: Kevin Wang <kwangsan@gmail.com>
2022-09-14 17:45:42 -05:00
boruszak dd8907c137 /docs/security/security-models 2022-09-13 14:26:07 -05:00
Tu Nguyen 110139a4df revert links to learn 2022-09-06 08:35:01 -07:00
Tu Nguyen 6dcc2a2110 Update Learn links in prep for devdot 2022-08-25 22:49:29 -07:00
Blake Covarrubias a78015c5fd
docs: Redirect /docs/security/acl/acl-system (#12975)
/docs/security/acl/acl-system was renamed in e9a42df from PR #12460 to
/docs/security/acl. A corresponding redirect was not added for this
page, resulting in a 404 being returned when accessing the old URL
path.

This commit redirects the former URL path to the new location, and
also updates all links on the site to point to the new location.
2022-05-09 09:04:23 -07:00
Karl Cardenas dbaed47da2
docs: fixes makdown leakage 2022-04-27 14:15:39 -07:00
Natalie Smith 0a51e145c1 docs: simplify agent docs slugs 2022-04-11 17:38:47 -07:00
Natalie Smith ddae7d18a2 docs: fix external links to agent config pages 2022-04-11 17:38:11 -07:00
Jared Kirschner 74b181018b
docs: make gossip threat model more visible 2022-03-23 11:46:56 -04:00
Dan Upton b36d4e16b6
Support per-listener TLS configuration ⚙️ (#12504)
Introduces the capability to configure TLS differently for Consul's
listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC
port) which is useful in scenarios where you may want the HTTPS or
gRPC interfaces to present a certificate signed by a well-known/public
CA, rather than the certificate used for internal communication which
must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
mrspanishviking 7180c99960
Revert "[Docs] Agent configuration hierarchy " 2022-03-15 16:13:58 -07:00
trujillo-adam 9cc9122be8 fixed merge conflicts pt2 2022-03-15 14:01:24 -07:00
trujillo-adam 76d55ac2b4 merging new hierarchy for agent configuration 2022-03-14 15:44:41 -07:00
Blake Covarrubias f09aea524f Fix spelling errors 2022-01-20 08:54:23 -08:00
Blake Covarrubias 26401c5c26 Convert absolute URLs to relative URLs for consul.io 2022-01-20 08:52:51 -08:00
Blake Covarrubias 59394e4aa2 docs: Avoid redirects by pointing links to new URLs
Avoid HTTP redirects for internal site links by updating old URLs to
point to the new location for the target content.
2022-01-20 08:52:51 -08:00
Natalie Smith 24c67f2dfa docs: simplify agent docs slugs 2022-01-10 17:37:18 -08:00
Natalie Smith 00c2444cfc docs: fix external links to agent config pages 2022-01-10 17:11:50 -08:00
Jared Kirschner 0b02dbb410 docs: give tutorials links for securing UI access 2021-09-07 22:13:09 -07:00
Amos Shapira 9870c8dc0f
docs: Add missing "is" on core security models (#10975)
Add missing "is" in description of `auto_encrypt.tls` parameter on
core security models page.
2021-09-01 22:07:20 -07:00
Blake Covarrubias 832896ed11 docs: Fix spelling errors across website 2021-07-19 14:29:54 -07:00
Zachary Shilton 8671762474
website: implement mktg 032 (#9953)
* website: migrate to new nav-data format

* website: clean up unused intro content

* website: remove deprecated sidebar_title from frontmatter

* website: add react-content to fix global style import issue
2021-04-07 15:50:38 -04:00
Jeff Escalante 582dce9d8f
maintenance complete, pending markdown-page component addition 2020-12-16 16:55:23 -05:00