security.txt is a proposed IETF standard to allow independent security
researchers to easily report vulnerabilities. The standard defines that a text
file named security.txt should be found at «/.well-known/security.txt». For
legacy compatibility reasons the file might also be placed at «/security.txt».

security.txt is implemented in haproxy as all public
endpoints reside behind it. It defaults to directing any request paths that
match /security.txt to the text file using an ACL rule in haproxy.

Use the following process to add a security.txt file to your deployment:

1. Write the contents of the security.txt file in accordance with the standard.

2. Define the contents of security.txt in the variable
   haproxy_security_txt_content:

       haproxy_security_txt_content: |
         # This is my example security.txt file
         # Please see https://securitytxt.org/ for details of the specification of this file

3. Run the haproxy playbook:

       # openstack-ansible haproxy-install.yml

Advanced security.txt ACL

In some cases you may need to change the haproxy ACL used to redirect requests
to the security.txt file, such as adding extra domains.
The haproxy ACL is updated by overriding the variable