Another thought - a 'catch all' path for fail2ban to catch attempted accesses to undefined paths. I haven't tested this to see if there is such a thing in BaseX: https://stackoverflow.com/questions/50282541/catch-all-url-in-golang
On Mon, Jan 18, 2021 at 5:26 PM Christian Grün christian.gruen@gmail.com wrote:
Hi Adam,
You could have a look at our Permissions layer [1]. It can be used for all kinds of checks, not only those specific to authentication. I think we should generalize the concept in a future version of BaseX and introduce additional post-hooks.
Hope this helps? Christian
[1] https://docs.basex.org/wiki/Permissions
On Mon, Jan 18, 2021 at 3:19 AM Adam Law adamjameslaw@gmail.com wrote:
Golang has great middleware functionality for endpoints that allows a person to readily secure all of them. I was wondering if there would be any way of doing something similar in BaseX for RESTXQ & websockets. For example by requiring all requests to have a particular query parameter (very basic example). ... to protect say against browser / JavaScript port scanning.
Eg
https://stackoverflow.com/questions/26204485/gorilla-mux-custom-middleware and check that request contains a particular parameter (very basic security)
It seems that I have to secure each endpoint individually.
Adam
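
The Go pattern the thread refers to, as an added example that is not part of the original messages and is not BaseX code: one middleware enforces a required query parameter for every route, and a catch-all route logs requests to undefined paths in a single line format that a fail2ban filter could match. The parameter name `k`, its value, the `/hello` endpoint and the log format are assumptions made for the illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
)

// requireParam wraps every route: requests without ?name=value get 403.
func requireParam(name, value string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := r.URL.Query().Get(name)
		if subtle.ConstantTimeCompare([]byte(got), []byte(value)) != 1 {
			// %q quotes the path so a crafted URL cannot forge extra log lines.
			log.Printf("denied remote=%s path=%q reason=bad-param", r.RemoteAddr, r.URL.Path)
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newHandler builds one real endpoint, a catch-all, and the shared check.
func newHandler() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "hello")
	})
	// "/" matches any path without a more specific pattern (the catch-all).
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		log.Printf("denied remote=%s path=%q reason=undefined-path", r.RemoteAddr, r.URL.Path)
		http.NotFound(w, r)
	})
	return requireParam("k", "constructed-demo-value", mux) // placeholder values
}

// probe sends one in-memory GET and returns the status code.
func probe(h http.Handler, target string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Code
}

func main() {
	h := newHandler()
	for _, t := range []string{"/hello", "/hello?k=constructed-demo-value", "/nope?k=constructed-demo-value"} {
		fmt.Println(t, probe(h, t))
	}
}
```

Because the check wraps the whole mux, a route added later is covered without any per-endpoint code, which is the property the original question asks about.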