> On 18 Apr 2017, at 08:03, chris <[email protected]> wrote: > > Hi guys, > > so I'm trying to restrict requests from known domains eg > > > { # Allow nodes to request a new certificate match-request: { path: > "/puppet-ca/v1/certificate_request" type: path method: [get, put] } allow: [ > "*.dev.XXX.com", "*.dev.YYY.com" ] sort-order: 500 name: "puppetlabs csr" }, > Did you restart puppetserver after doing the change?
> > > having read puppet docs on hocon style files, inc arrays, wildcards etc. > > However, when I try to use this, I get > > Client: > Error: Could not request certificate: Error 403 on SERVER: Forbidden request: > /puppet-ca/v1/certificate_request/a.b.com (method :get). Please see the > server logs for details. > > > > Server: > 2017-04-13 03:20:42,855 ERROR [qtp1106686223-70] [p.t.a.rules] Forbidden > request: 10.112.19.76 access to /puppet-ca/v1/certificate_request/a.b.com > (method :get) (authenticated: false) denied by rule 'puppetlabs csr'. > > > > Server version is 2.7.0 (puppet v4). > > Can anybody help? > > Thanks > Chris > > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/384ce816-ea37-45ca-aa8d-83a44f0bc732%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/2B9ECE98-8A3D-4D67-B9E1-5DCD5C4A3288%40gmail.com. For more options, visit https://groups.google.com/d/optout.
