You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/02/24 19:03:53 UTC

[GitHub] [apisix-dashboard] Firstsawyou opened a new issue #1510: the configuration relationship between `host` and `allow_list` in the conf.yaml file

Firstsawyou opened a new issue #1510:
URL: https://github.com/apache/apisix-dashboard/issues/1510


   # Feature request
   
   ## Please describe your feature
   
   If the configuration allows all IPs to access the APISIX Dashboard, only configuring `allow_list` will not take effect immediately, and you need to configure the `host` part. According to the description of the `allow_list` field, it is easy to misunderstand that you only need to configure the `allow_list` part. We should add configuration examples or instructions on how to allow all IPs to access APISIX Dashboard.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-dashboard] starsz commented on issue #1510: the configuration relationship between "host" and "allow_list" in the conf.yaml file

Posted by GitBox <gi...@apache.org>.

starsz commented on issue #1510:
URL: https://github.com/apache/apisix-dashboard/issues/1510#issuecomment-785545516


   > They are two different configurations.
   > 
   > Maybe we can set the default value of `listen.host` to `0.0.0.0`.
   
   Agree +1.
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-dashboard] bzp2010 closed issue #1510: the configuration relationship between "host" and "allow_list" in the conf.yaml file

Posted by GitBox <gi...@apache.org>.

bzp2010 closed issue #1510:
URL: https://github.com/apache/apisix-dashboard/issues/1510


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-dashboard] juzhiyuan commented on issue #1510: the configuration relationship between "host" and "allow_list" in the conf.yaml file

Posted by GitBox <gi...@apache.org>.

juzhiyuan commented on issue #1510:
URL: https://github.com/apache/apisix-dashboard/issues/1510#issuecomment-785551052


   I would prefer to keep the current default value, once users use the following configuration:
   
   - listen.host == 0.0.0.0
   - The ManagerAPI is running in public IP
   - Using the default Username/Password
   
   Then an urgent security issue will occur.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-dashboard] nic-chen commented on issue #1510: the configuration relationship between "host" and "allow_list" in the conf.yaml file

Posted by GitBox <gi...@apache.org>.

nic-chen commented on issue #1510:
URL: https://github.com/apache/apisix-dashboard/issues/1510#issuecomment-785554219


   > I would prefer to keep the current default value, once users use the following configuration:
   > 
   > * listen.host == 0.0.0.0
   > * The ManagerAPI is running in public IP
   > * Using the default Username/Password
   > 
   > Then an urgent security issue will occur.
   
   allow_list default value is `127.0.0.0/24`.
   it's ok for this.
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-dashboard] nic-chen commented on issue #1510: the configuration relationship between "host" and "allow_list" in the conf.yaml file

Posted by GitBox <gi...@apache.org>.

nic-chen commented on issue #1510:
URL: https://github.com/apache/apisix-dashboard/issues/1510#issuecomment-785542974


   They are two different configurations.
   
   Maybe we can set the default value of `listen.host` to `0.0.0.0`.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-dashboard] juzhiyuan commented on issue #1510: the configuration relationship between "host" and "allow_list" in the conf.yaml file

Posted by GitBox <gi...@apache.org>.

juzhiyuan commented on issue #1510:
URL: https://github.com/apache/apisix-dashboard/issues/1510#issuecomment-785551302


   We'd better update the documentation and configuration file more clear about this issue, no matter use 127.0.0.1 or 0.0.0.0


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-dashboard] Firstsawyou commented on issue #1510: the configuration relationship between "host" and "allow_list" in the conf.yaml file

Posted by GitBox <gi...@apache.org>.

Firstsawyou commented on issue #1510:
URL: https://github.com/apache/apisix-dashboard/issues/1510#issuecomment-785551397


   > They are two different configurations.
   > 
   > Maybe we can set the default value of `listen.host` to `0.0.0.0`.
   
   I think it would be better to explain the `allow_list` field.  https://github.com/apache/apisix-dashboard/blob/master/api/conf/conf.yaml#L22
   
   E.g: 
   ```yaml
   allow_list:             # Before configuring `allow_list`, you need to set "host" to "0.0.0.0" .
       - 127.0.0.0/24      # If we don't set any IP list, then any IP access is allowed by default.
   ```


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-dashboard] github-actions[bot] commented on issue #1510: the configuration relationship between "host" and "allow_list" in the conf.yaml file

Posted by GitBox <gi...@apache.org>.

github-actions[bot] commented on issue #1510:
URL: https://github.com/apache/apisix-dashboard/issues/1510#issuecomment-964981146


   This issue has been marked as stale due to 30 days of inactivity. It will be closed in 2 weeks if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the dev@apisix.apache.org list. Thank you for your contributions.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org