Now that all sites have moved over to Pantheon from Acquia, there are a few ends to tie up. Our new vendor, Pantheon, includes a web application firewall, or WAF for short. Turning on this WAF will beef up our security from potential threats. However, it was noticed that some of our custom blocks threw out 403 errors to editors when updates were made. It happened infrequently and randomly due to post requests being blocked by the WAF. Instead of "poking holes" in the WAF, which could cause vulnerabilities, a different approach was decided and agreed upon by the Web Advisory. The 403 errors did not exhibit while editing using the Pantheon URL (in other words, the alias of the site that is used by our provider).
So what does that mean? Well, it means that editors should use the Pantheon URL to edit. The problem with that is that not all editors know what the Pantheon URL is for their site. In order to not cause confusion and be as seamless as possible, a redirect on each site will be put in place that will automatically take the editor to the Pantheon URL when they try to access *sitename*.ucr.edu/cas. So do not be alarmed to see "pantheonsite.io" in the URL. You are in the right place!
Quick Notes
- Do not distribute Pantheon URLs to the public. When you want visitors to view a page that has been published, always use the *sitename*.ucr.edu/* URLs.
- This is a rolling update and you may not yet see the change to your site. We expect to have these redirects complete by end of July.
- Only when ALL launched sites have a redirect in place will the WAF will be turned on. (Exceptions for the inaugural group of sites being tested.)
- If there are pages in your site behind CAS for visitor access, these will not be impacted by the redirect. They will function as normal, keeping the visitor on the UCR domain.
- As a reminder, Acquia is no longer used or tied to your UCR domains. Do not edit an acsitefactory URL.