keithkelly
12 months agoLeader
Disabling HTACCESS in Stage?
Our new AzureAD B2C authentication solution needs the the SAML metadata to be publicly accessible. The HTACCESS auth prevents this. Whitelisting IP's is a joke because AzureAD uses many large ranges of IPs and it can be any one.
So, we'd like to disable HTACCESS in Stage.
Notes:
- None of our content is publicly accessible - all behind a login.
- Registrations are disabled.
- Robotx.txt is edited w/ nofollow (if that even matters)
Khoros says we'll need to sign a security waiver. So I'm curious:
- Do any of your communities have HTACCESS for Stage disabled?
- How do you (or would you) go about making sure it's still secure?
Any insight would be appreciated. We're at our wits end here.