Docs: API - a note about 2 layer protection with http auth and tcp po…

…rt restriction Signed-off-by: Damien DUPORTAL <damien.duportal@gmail.com>
traefik · Aug 20, 2018 · 368bd17 · 368bd17
1 parent 66ee035
commit 368bd17
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/docs/configuration/api.md b/docs/configuration/api.md
@@ -49,7 +49,13 @@ including secret.
 It is not recommended in production,
 unless secured by authentication and authorizations.
 
-A good and sane default is to enable [Basic Authentication](#authentication).
+A good sane default (but not exhaustive) set of recommendations
+would be to apply the following protection mechanism:
+
+* _At application level:_ enabling HTTP [Basic Authentication](#authentication)
+* _At transport level:_ NOT exposing publicly the API's port,
+keeping it restricted over internal networks
+(restricted networks as in https://en.wikipedia.org/wiki/Principle_of_least_privilege).
 
 ## API