From bc3f23fff53aaf73b956f3d14d589ca72b471920 Mon Sep 17 00:00:00 2001
From: liuyang <yang_liu0418@163.com>
Date: Mon, 12 Jun 2023 10:09:36 +0800
Subject: [PATCH] forbidden jenkins /script access

---
 deploy/jenkins/master/ingress.yaml                       | 3 +++
 deploy/jenkins/opengauss-cn4-jenkins-master/ingress.yaml | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/deploy/jenkins/master/ingress.yaml b/deploy/jenkins/master/ingress.yaml
index f73414ac..838602fd 100644
--- a/deploy/jenkins/master/ingress.yaml
+++ b/deploy/jenkins/master/ingress.yaml
@@ -9,6 +9,9 @@ metadata:
     nginx.ingress.kubernetes.io/configuration-snippet: |
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Frame-Options "SAMEORIGIN";
+      location /script {
+        return 403;
+      }
   name: opengauss-jenkins-ingress
 spec:
   tls:
diff --git a/deploy/jenkins/opengauss-cn4-jenkins-master/ingress.yaml b/deploy/jenkins/opengauss-cn4-jenkins-master/ingress.yaml
index 7f866401..fbcd8d71 100644
--- a/deploy/jenkins/opengauss-cn4-jenkins-master/ingress.yaml
+++ b/deploy/jenkins/opengauss-cn4-jenkins-master/ingress.yaml
@@ -8,6 +8,9 @@ metadata:
     nginx.ingress.kubernetes.io/configuration-snippet: |
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Frame-Options "SAMEORIGIN";
+      location /script {
+          return 403;
+        }
   name: opengauss-jenkins-ingress
   namespace: jenkins
 spec:
-- 
Gitee