enforce a 'deny all' default rule

this ensures that an access list is 'secure by default' and requires the user to create exceptions or holes in the proection instead of building the wall entirely. This also means that we no longer require the user to input any username/passwords or client addressses and can avoid internal errors which generate unhelpful user errors.
2020-04-13 19:52:44 -07:00
parent 005e64eb9f
commit e2ee2cbf2d
3 changed files with 13 additions and 9 deletions
--- a/frontend/js/app/nginx/access/form.ejs
+++ b/frontend/js/app/nginx/access/form.ejs
@ -55,6 +55,18 @@
                <!-- Access -->
                <div class="tab-pane" id="access">
                    <div class="clients"><!-- clients --></div>
+                    <div class="row">
+                        <div class="col-sm-3 col-md-3">
+                            <div class="form-group">
+                                <input type="text" class="form-control disabled" value="deny" disabled>
+                            </div>
+                        </div>
+                        <div class="col-sm-9 col-md-9">
+                            <div class="form-group">
+                                <input type="text" class="form-control disabled" value="all" disabled>
+                            </div>
+                        </div>
+                    </div>
                    <div class="text-muted">Note that the <code>allow</code> and <code>deny</code> directives will be applied in the order they are defined.</div>
                </div>

--- a/frontend/js/app/nginx/access/form.js
+++ b/frontend/js/app/nginx/access/form.js
@ -119,7 +119,7 @@ module.exports = Mn.View.extend({
            }
        }

-        let clients_to_add = 5 - clients.length;
+        let clients_to_add = 4 - clients.length;
        if (clients_to_add) {
            for (let i = 0; i < clients_to_add; i++) {
                clients.push({});