Is it safe to block hauk default url ?

[RuralYak]

To minimize exposed surface I wanted to block default hauk url that does not have any reference to a particular endpoint document.

Like https://apps.varden.info/demo/hauk/ is blocked
but https://apps.varden.info/demo/hauk/?2HFB-4KOS allowed

Is that good idea?

[bilde2910]

As long as you're careful to only block only the root URL and only if it does not have query string parameters, then that's completely safe. You can do this using nginx as a reverse proxy with e.g.

location / {
    proxy_pass http://hauk;
}

location ~* ^/(index.html)?$ {
    if ($args ~ "^$") {
        return 403;
    }
    proxy_pass http://hauk;
}

This will return a 403 Forbidden error when you try to access the root, but if you have e.g. ?2HFB-4KOS at the end, it will allow the connection.

[RuralYak]

Think it could be a good suggestion in documentation.

[bilde2910]

I can add a section on it in the FAQ.

[bilde2910]

Added to FAQ.