Deny Anonymous Read - Consul

Hi @eddie-rowe, resolved it by removing the default token from the consul.json config file and adding a deny policy. Thanks for your help!
Deny anonymous policy content:

service_prefix "" { policy = "deny" }
service "" { policy = "deny" } 
key_prefix "" { policy = "deny" } 
node_prefix "" { policy = "deny" }
agent_prefix "" { policy = "deny" }
query_prefix "" { policy = "deny" }

Current consul config:

{
  "addresses": {"https": "0.0.0.0", "http": "127.0.0.1"},
  "ports": {"https": 8500, "http": 8400},
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "down_policy": "extend-cache",
    "tokens": {
      "agent": "my-agent-token"
    }
  },
  "verify_outgoing": true,
  "verify_incoming_rpc": false
}

Earlier I had the default token along with the agent in the config file! Guess I had missed it in my previous response.

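The fix described in this thread, as an added example that is not part of the original post or Consul's own tooling: a small Python check that flags the agent ACL settings that let requests without a token read data. The function name `audit_acl`, the `BEFORE` sample and the `my-default-token` value are assumptions constructed for illustration.

```python
import json
import sys

# Constructed samples. AFTER is the config from the post; BEFORE adds back a
# default token (placeholder value), the state the poster describes fixing.
AFTER = """
{
  "addresses": {"https": "0.0.0.0", "http": "127.0.0.1"},
  "ports": {"https": 8500, "http": 8400},
  "acl": {
    "enabled": true,
    "default_policy": "deny",
    "down_policy": "extend-cache",
    "tokens": {"agent": "my-agent-token"}
  },
  "verify_outgoing": true,
  "verify_incoming_rpc": false
}
"""
BEFORE = AFTER.replace('"tokens": {', '"tokens": {"default": "my-default-token", ')


def audit_acl(config_text):
    """Return findings for settings that give token-less requests access."""
    acl = json.loads(config_text).get("acl", {})
    findings = []
    # Consul leaves ACLs off unless acl.enabled is true.
    if acl.get("enabled") is not True:
        findings.append("acl.enabled is not true: ACLs are not enforced")
    # default_policy is "allow" when unset, so anything unmatched is permitted.
    if acl.get("default_policy", "allow") != "deny":
        findings.append("acl.default_policy is not deny")
    # The agent attaches acl.tokens.default to requests that carry no token,
    # so anonymous callers inherit whatever that token is allowed to do.
    if acl.get("tokens", {}).get("default"):
        findings.append("acl.tokens.default is set: token-less requests use it")
    return findings


if __name__ == "__main__":
    # Audit a real file if a path is given, otherwise the constructed BEFORE.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BEFORE
    for finding in audit_acl(text):
        print("FINDING:", finding)
```

Run it with the path to an agent's JSON config as the only argument; an empty result means none of the three conditions is present in that file.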