Securing Sentry installation by limiting publicly available endpoints

barseghyanartur · January 29, 2020, 11:24am

I haven’t found anything on this in official documentation, therefore the question.

Imagine if one would want to have a extremely secure self-hosted Sentry setup and would then want to only make create issue endpoints available to the outside world, keeping the rest of the Sentry endpoints functioning from within VPN only. Which endpoints would then have to be publicly accessible?

jhermann · January 29, 2020, 1:59pm

The only path that needs to be publicly accessible for event ingestion is ^/api/\d+/store/$ . Everything else can be blocked from public access. This endpoint is used to accept events only, with no read access, and is safe to expose.

Secure/hide the admin behind proxy/firewall? - #2 by matt

barseghyanartur · January 29, 2020, 3:31pm

@jhermann: Thank you!

Topic		Replies	Views
Secure/hide the admin behind proxy/firewall? On-Premise	2	2671	March 8, 2021
On-premise inside private network, what endpoints to expose	1	957	July 24, 2019
Sending events to Sentry On-Premise	3	1234	April 28, 2018
Securing on-prem for client side errors	2	813	January 10, 2019
Proxy events from self hosted sentry to sentry.io	0	743	March 1, 2022

Securing Sentry installation by limiting publicly available endpoints

Related topics