-
Task
-
Resolution: Done
-
Major
-
None
-
2.4 GA
-
Not Started
-
Not Started
-
Not Started
-
Not Started
-
Not Started
-
Not Started
Currently, all the routes created in 3scale On-premises are configured with Insecure Policy: Allow:
# oc get route | awk '{print $1}' | grep -v "NAME" | \ > while read ROUTE; do oc describe route ${ROUTE} | grep "Name:\|Insecure Policy:" ; echo ; done Name: api-apicast-production Insecure Policy: Allow Name: api-apicast-staging Insecure Policy: Allow Name: apicast-wildcard-router Insecure Policy: Allow Name: backend Insecure Policy: Allow Name: system-developer Insecure Policy: Allow Name: system-master Insecure Policy: Allow Name: system-provider-admin Insecure Policy: Allow
According to:
https://docs.openshift.com/container-platform/3.11/architecture/networking/routes.html#secured-routes
insecureEdgeTerminationPolicy: Allow - The insecure policy to allow requests sent on an insecure scheme HTTP.
insecureEdgeTerminationPolicy: Redirect - The insecure policy to redirect requests sent on an insecure scheme HTTP to a secure scheme HTTPS.
It doesn't detail insecureEdgeTerminationPolicy: None, but I guess this completely disables any HTTP like request.
Does 3scale need HTTP-only communication either internally (backend), when accessing the Admin or Developer Portals (system-developer, system-master, system-provider-admin) or in APIcast (apicast-wildcard-router, api-apicast-staging, api-apicast-production)?
What would be the effect of changing them to "None" or "Redirect"?
