diff options
| author | Robert Speicher <rspeicher@gmail.com> | 2019-08-29 17:17:37 -0500 |
|---|---|---|
| committer | Robert Speicher <rspeicher@gmail.com> | 2019-08-29 17:17:37 -0500 |
| commit | 7698d405506bc10dfd7fb2e6e02b419dd5925725 (patch) | |
| tree | b2c188fd3bc588f15d04d8ce6137f9447f7a72c7 /doc/security | |
| parent | fa160c26b14d233eb2e3b861a0742766d1ac734b (diff) | |
| parent | 090956259c47d839b136f9391c3f74255764da81 (diff) | |
| download | gitlab-ce-7698d405506bc10dfd7fb2e6e02b419dd5925725.tar.gz | |
Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq
Diffstat (limited to 'doc/security')
| -rw-r--r-- | doc/security/README.md | 1 | ||||
| -rw-r--r-- | doc/security/asset_proxy.md | 28 |
2 files changed, 29 insertions, 0 deletions
diff --git a/doc/security/README.md b/doc/security/README.md index e3fb07c69c2..fe96f7f2846 100644 --- a/doc/security/README.md +++ b/doc/security/README.md @@ -18,3 +18,4 @@ type: index - [Enforce Two-factor authentication](two_factor_authentication.md) - [Send email confirmation on sign-up](user_email_confirmation.md) - [Security of running jobs](https://docs.gitlab.com/runner/security/) +- [Proxying images](asset_proxy.md) diff --git a/doc/security/asset_proxy.md b/doc/security/asset_proxy.md new file mode 100644 index 00000000000..f25910d3db7 --- /dev/null +++ b/doc/security/asset_proxy.md @@ -0,0 +1,28 @@ +A possible security concern when managing a public facing GitLab instance is +the ability to steal a users IP address by referencing images in issues, comments, etc. + +For example, adding `` to +an issue description will cause the image to be loaded from the external +server in order to be displayed. However this also allows the external server +to log the IP address of the user. + +One way to mitigate this is by proxying any external images to a server you +control. GitLab handles this by allowing you to run the "Camo" server +[cactus/go-camo](https://github.com/cactus/go-camo#how-it-works). +The image request is sent to the Camo server, which then makes the request for +the original image. This way an attacker only ever seems the IP address +of your Camo server. + +Once you have your Camo server up and running, you can configure GitLab to +proxy image requests to it. The following settings are supported: + +| Attribute | Description | +| ------------------------ | ----------- | +| `asset_proxy_enabled` | (**If enabled, requires:** `asset_proxy_url`) Enable proxying of assets. | +| `asset_proxy_secret_key` | Shared secret with the asset proxy server. | +| `asset_proxy_url` | URL of the asset proxy server. | +| `asset_proxy_whitelist` | Assets that match these domain(s) will NOT be proxied. Wildcards allowed. Your GitLab installation URL is automatically whitelisted. | + +These can be set via the [Application setting API](../api/settings.md) + +Note that a GitLab restart is required to apply any changes. |