I'm looking for a way to secure the vaultservice virtual directory or at least remove "anonymous" from the directory security. Our developers work remotely and need to connect to vault while not on the VPN. With the default install settings, anyone with the vaultservice url (say "www.mycompany.com/vaultservice") will see the vault installation web pages and can begin poking around and that makes our IT folks uneasy.
Is there a way to require windows authentication to view the vaultservice web files without interfering with access from the vault client? When I disable "anonymous" in the Directory Security tab for the VaultService virtual directory, I'm no longer able to connect from the Vault Client. We are using AD for authentication to Vault, so my question is specifically about restricting access to the vaultservice web files by anonymous users via a web browser.
Securing the Vault virtual directory
Moderator: SourceGear
Re: Securing the Vault virtual directory
The supported installation of Vault requires anonymous access. However, we do know of users who have modified the Vault web.config file to restrict access to specific users/domains. This is more of an IIS configuration issue and beyond the scope of Vault technical support. However, this might provide some ideas:
http://msdn.microsoft.com/en-us/library/ff647405.aspx
If you're concerned about non-users being able to access the Vault Service page, a low-tech solution could be to rename the index.html page in the Vault Service directory.
http://msdn.microsoft.com/en-us/library/ff647405.aspx
If you're concerned about non-users being able to access the Vault Service page, a low-tech solution could be to rename the index.html page in the Vault Service directory.
Linda Bauer
SourceGear
Technical Support Manager
SourceGear
Technical Support Manager