Secure/hide the admin behind proxy/firewall?

firewalldude · November 7, 2019, 11:27am

Hi!

Would love some guidance on how to best setup sentry so that

All resources is denied by default (firewall/proxy blocking based on IP or “VPC”)
Only the needed endpoints used by the raven clients are open to the public

Lemme know if this is doable and which URL paths and HTTP methods that needs to be open to restrict posting in events only.

Thx
Mr. Firewall-Dude

matt · November 7, 2019, 3:34pm

The only path that needs to be publicly accessible for event ingestion is ^/api/\d+/store/$.

Everything else can be blocked from public access. This endpoint is used to accept events only, with no read access, and is safe to expose.

thmarti · March 8, 2021, 11:25pm

I’m I right to assume it has now changed to this?
^/api/\d+/envelope/$

Topic		Replies	Views
Securing Sentry installation by limiting publicly available endpoints On-Premise	2	2614	January 29, 2020
IP range for Raven services? Feedback	5	1779	January 20, 2017
Client IP Getting Masked by Sentry Proxy	8	4844	January 18, 2019
403 doing any sort of post sending events On-Premise	1	1625	May 25, 2018
Sending events to Sentry On-Premise	3	1253	April 28, 2018