[ English | Indonesia | français | Deutsch | English (United Kingdom) | 한국어 (대한민국) | español | русский ]
Security.txt¶
security.txt is a proposed IETF standard to allow independent security
researchers to easily report vulnerabilities. The standard defines that a text
file called security.txt
should be found at « /.well-known/security.txt ». For
legacy compatibility reasons the file might also be placed at « /security.txt ».
In OpenStack-Ansible, security.txt
is implemented in haproxy as all public
endpoints reside behind it and the text file is hosted by keystone. It defaults
to directing any request paths that end with /security.txt
to the text
file using an ACL rule in haproxy.
Enabling security.txt¶
Use the following process to add a security.txt
file to your deployment
using OpenStack-Ansible:
Write the contents of the
security.txt
file in accordance with the standard.Define the contents of
security.txt
in the variablekeystone_security_txt_content
in the/etc/openstack_deploy/user_variables.yml
file:
keystone_security_txt_content: | # This is my example security.txt file # Please see https://securitytxt.org/ for details of the specification of this file
Update keystone
# openstack-ansible os-keystone-install.yml
Update haproxy
# openstack-ansible haproxy-install.yml
Advanced security.txt ACL¶
In some cases you may need to change the haproxy ACL used to redirect requests
to the security.txt
file, such as adding extra domains.
The haproxy ACL is updated by overriding the variable
haproxy_security_txt_acl
in the
/etc/openstack_deploy/user_variables.yml
file.