Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/11/20 08:17:12 UTC

[GitHub] [apisix] ShiningRush opened a new pull request #2802: chore: separate admin and proxy port in default config

ShiningRush opened a new pull request #2802:
URL: https://github.com/apache/apisix/pull/2802


   Recently, we have a serious security vulnerability caused by `adminapi`.
   I synchronize the scenarios here:
   - Some external business teams forget to modify the admin port and key after debugging (the IP whitelist is removed), so that anyone can access the `adminapi`
   - Some people used the default admin key to scan `adminapi` and found the command execution vulnerability; they reported it to our company's security platform
   
   Here I think there are two points we can optimize:
   - the default configuration is to separate proxy and admin port
   - `adminapi` command execution vulnerability. I will push a PR to apisix after I produce and fix the vulnerability


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [apisix] spacewander commented on pull request #2802: refactor: separate admin and proxy port in default config

Posted by GitBox <gi...@apache.org>.
spacewander commented on pull request #2802:
URL: https://github.com/apache/apisix/pull/2802#issuecomment-731496840


   @juzhiyuan 
   `conf/config-default.yaml` is changed.





[GitHub] [apisix] spacewander merged pull request #2802: refactor: separate admin and proxy port in default config

Posted by GitBox <gi...@apache.org>.
spacewander merged pull request #2802:
URL: https://github.com/apache/apisix/pull/2802


   





[GitHub] [apisix] juzhiyuan commented on pull request #2802: refactor: separate admin and proxy port in default config

Posted by GitBox <gi...@apache.org>.
juzhiyuan commented on pull request #2802:
URL: https://github.com/apache/apisix/pull/2802#issuecomment-731506694


   > @juzhiyuan 
   > `conf/config-default.yaml` is changed.
   
   Oh yes!





[GitHub] [apisix] spacewander commented on pull request #2802: refactor: separate admin and proxy port in default config

Posted by GitBox <gi...@apache.org>.
spacewander commented on pull request #2802:
URL: https://github.com/apache/apisix/pull/2802#issuecomment-731492583


   Note: merge it after 2.1 is released and works well.

