HomeSecurity & Governance › Dispatcher security checklist

Dispatcher security checklist

Purpose: The delivery-tier hardening list: filters, selectors, and the verification that must run from outside.

Who this page is for

AudienceWhy it matters to you
Platform engineersConfig owners
All engineersEvery new endpoint touches this

Filter checklist (deny by default, then narrow allows)

Beyond filters

Verification is external or it is fiction

A quarterly (and per-go-live) probe through the CDN from the internet: scripted curl suite of every blocked pattern above expecting 404/403, plus the allowed set expecting 200. Keep the suite in git; run it in the pipeline against stage on dispatcher config changes (farm design CI note). The config file says what you intended; only the probe says what is true.

Quick navigation