The Glimpse.axd page provides information about Glimpse and its configuration. I am wondering if we can suppress the display of this page since it leaks lots of information about the current configuration.


vdhant wrote Nov 13, 2013 at 2:04 AM

Not sure if you have seen this yet, but the Glimpse.axd page is now lockable by using a custom security policy. Blog post is coming soon, but in the mean time this shows how https://github.com/Glimpse/Glimpse/issues/584#issuecomment-28188660.

dukesb11 wrote Dec 9, 2013 at 5:59 PM

Blog post is http://blog.getglimpse.com/2013/12/09/protect-glimpse-axd-with-your-custom-runtime-policy/

Tried adding RuntimeEvent.ExecuteResource to ExecuteOn of the super-user policy, but it doesn't look like we get that user info automatically for the glimpse.axd request, so it always denies access. Don't remember off the top of my head how to get DNN to process the auth cookie for non-DNN URLs, but shouldn't be too hard.