diff options
| -rw-r--r-- | rel/overlay/etc/default.ini | 3 | ||||
| -rw-r--r-- | src/chttpd/src/chttpd_auth_request.erl | 6 |
2 files changed, 8 insertions, 1 deletions
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini index 0f0d54793..fbc61afd6 100644 --- a/rel/overlay/etc/default.ini +++ b/rel/overlay/etc/default.ini @@ -98,6 +98,9 @@ max_db_number_for_dbs_info_req = 100 ; uncomment the next line to enable proxy authentication ; authentication_handlers = {chttpd_auth, proxy_authentication_handler}, {chttpd_auth, cookie_authentication_handler}, {chttpd_auth, default_authentication_handler} +; prevent non-admins from accessing /_all_dbs +;admin_only_all_dbs = false + [database_compaction] ; larger buffer sizes can originate smaller files doc_buffer_size = 524288 ; value in bytes diff --git a/src/chttpd/src/chttpd_auth_request.erl b/src/chttpd/src/chttpd_auth_request.erl index 05c5e8e35..2adb1dd1d 100644 --- a/src/chttpd/src/chttpd_auth_request.erl +++ b/src/chttpd/src/chttpd_auth_request.erl @@ -34,7 +34,11 @@ authorize_request_int(#httpd{path_parts=[]}=Req) -> authorize_request_int(#httpd{path_parts=[<<"favicon.ico">>|_]}=Req) -> Req; authorize_request_int(#httpd{path_parts=[<<"_all_dbs">>|_]}=Req) -> - Req; + case config:get("chttpd", "admin_only_all_dbs", "false") of + "false" -> Req; + "true" -> require_admin(Req); + Else -> couch_log:error("Invalid setting for admin_only_all_dbs: ~p. Must be true or false.", [Else]) + end; authorize_request_int(#httpd{path_parts=[<<"_dbs_info">>|_]}=Req) -> Req; authorize_request_int(#httpd{path_parts=[<<"_replicator">>], method='PUT'}=Req) -> |