Securing Sentry installation by limiting publicly available endpoints

barseghyanartur · January 29, 2020, 11:24am

I haven’t found anything on this in official documentation, therefore the question.

Imagine if one would want to have a extremely secure self-hosted Sentry setup and would then want to only make create issue endpoints available to the outside world, keeping the rest of the Sentry endpoints functioning from within VPN only. Which endpoints would then have to be publicly accessible?

jhermann · January 29, 2020, 1:59pm

The only path that needs to be publicly accessible for event ingestion is ^/api/\d+/store/$ . Everything else can be blocked from public access. This endpoint is used to accept events only, with no read access, and is safe to expose.

Secure/hide the admin behind proxy/firewall? - #2 by matt

barseghyanartur · January 29, 2020, 3:31pm

@jhermann: Thank you!

Topic		Replies	Views
Secure/hide the admin behind proxy/firewall? On-Premise	2	2353	March 8, 2021
On-premise inside private network, what endpoints to expose	1	851	July 24, 2019
Securing on-prem for client side errors	2	761	January 10, 2019
Proxy events from self hosted sentry to sentry.io	0	626	March 1, 2022
Private vs Public DSN	0	812	November 11, 2021

Securing Sentry installation by limiting publicly available endpoints

Related Topics