[JAMES-3690] Allow to restrict the host webadmin is listening on - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.7.0
Component/s: webadmin
Labels:
None

Description

By default the WebAdmin server is activated, listens on all addresses without JWT security activated by default. This of course represents an open door for unaware users, failing to setup decent firewalling.

There is a `host` option, set to localhost by default, that can provide a false sens of safety - however this is not applied.

The proposal here is:

To use the host option to limit interfaces the webadmin server listens on
Ship a sample configuration listening on localhost thus preventing external use
Ship 0.0.0.0 for docker as port exposure is required (we can expect the admin to know what he is doing)

Attachments

Issue Links

links to

GitHub Pull Request #832

Activity

People

Assignee:: Unassigned

Reporter:: Benoit Tellier

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 10/Jan/22 04:57

Updated:: 13/Jan/22 05:04

Resolved:: 13/Jan/22 05:04

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

10m