Do not advertise HTTP caches #1915

Open
wants to merge 1 commit into
base: main

turetske
Collaborator

For security reasons, we want to stop advertisement of HTTP caches.

This only occurs with non-pelican caches, which should be phased out by April. As such, this shouldn't cause a large disruption (there are only a few caches where this occurs).

I decided to stop those caches from advertising to the director because I don't want them to be listed in the federation if they aren't available to the user.

@turetske added the cache and security labels Jan 17, 2025
@turetske added this to the v7.13.0 milestone Jan 17, 2025
@turetske linked an issue Jan 17, 2025 that may be closed by this pull request
@bbockelm
Collaborator

I'm not sure this is the best approach here.

Are these caches really HTTP-only? Seems like we only need to avoid redirecting to HTTP but we don't need to remove all the caches that speak both protocols.

For example, the LIGO cache at Caltech has both https://stashcache.ligo.caltech.edu:8443 and http://stashcache.ligo.caltech.edu:8000; not redirecting for HTTP will have minimal impact but removing support for HTTPS will have a huge impact at their site.
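
The alternative raised in the comment above (skip plain-HTTP endpoints when redirecting, but keep caches that also serve HTTPS) can be sketched as follows. This is an added example, not code from this pull request or from the project; the `CacheAd` type, the `RedirectTargets` function and the `http-only.example` entry are hypothetical, and the sample advertisements are constructed.

```go
package main

import (
	"fmt"
	"net/url"
)

// CacheAd is a hypothetical advertisement record: one cache, several endpoints.
type CacheAd struct {
	Name      string
	Endpoints []string
}

// RedirectTargets returns, per cache, the endpoints a director could safely
// redirect clients to. Plain-HTTP and malformed endpoints are skipped; a cache
// disappears from the result only when it has no HTTPS endpoint at all.
func RedirectTargets(ads []CacheAd) map[string][]string {
	out := make(map[string][]string)
	for _, ad := range ads {
		for _, ep := range ad.Endpoints {
			u, err := url.Parse(ep)
			if err != nil || u.Host == "" {
				continue // unparsable or host-less endpoint: never a target
			}
			// url.Parse lower-cases the scheme, so "HTTPS://" also matches.
			if u.Scheme == "https" {
				out[ad.Name] = append(out[ad.Name], u.String())
			}
		}
	}
	return out
}

func main() {
	// Constructed sample: the dual-protocol cache named in the comment above
	// and a made-up HTTP-only cache.
	ads := []CacheAd{
		{Name: "ligo-caltech", Endpoints: []string{
			"https://stashcache.ligo.caltech.edu:8443",
			"http://stashcache.ligo.caltech.edu:8000",
		}},
		{Name: "http-only.example", Endpoints: []string{"http://cache.example:8000"}},
	}
	for name, eps := range RedirectTargets(ads) {
		fmt.Println(name, eps)
	}
}
```

With this filter the dual-protocol cache stays available over HTTPS, and only the HTTP-only cache stops being a redirect target.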

director/advertise.go (outdated, resolved)
director/resources/mock_topology.json (outdated, resolved)
director/resources/multi_export_topology.json (outdated, resolved)
director/director_test.go (outdated, resolved)
@turetske force-pushed the no-redirectects-http-caches branch from 41aadb2 to 3b41c4f January 24, 2025 23:14
@turetske force-pushed the no-redirectects-http-caches branch from 3b41c4f to 5455562 January 24, 2025 23:19
Successfully merging this pull request may close these issues.

Stop director from redirecting to caches starting with 'http'