Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2022/01/10 04:58:00 UTC
[jira] [Created] (JAMES-3690) Allow to restrict the host webadmin is listening on
Benoit Tellier created JAMES-3690:
-------------------------------------
Summary: Allow to restrict the host webadmin is listening on
Key: JAMES-3690
URL: https://issues.apache.org/jira/browse/JAMES-3690
Project: James Server
Issue Type: Improvement
Components: webadmin
Reporter: Benoit Tellier
Fix For: 3.7.0
By default the WebAdmin server is activated and listens on all addresses, without JWT security activated by default. This of course represents an open door for unaware users failing to set up decent firewalling.
There is a `host` option, set to localhost by default, that can provide a false sense of safety - however this is not applied.
The proposal here is:
- To use the host option to limit interfaces the webadmin server listens on
- Ship a sample configuration listening on localhost thus preventing external use
- Ship 0.0.0.0 for docker as port exposure is required (we can expect the admin to know what he is doing)
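
An added example, not part of the original message or of the James code base: a deployment check that compares the `host` value in webadmin.properties with the addresses the WebAdmin port is actually bound to, which is the mismatch this issue describes. The `port` key, the `ss -ltnH` output layout, the sample data and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample input (not from the issue): a webadmin.properties
# fragment and `ss -ltnH` output from a host where `host` is not applied.
SAMPLE_PROPERTIES = "port=8000\nhost=localhost\n"
SAMPLE_SS = (
    "LISTEN 0 50  *:8000          *:*\n"
    "LISTEN 0 128 127.0.0.1:5432  0.0.0.0:*\n"
    "LISTEN 0 128 0.0.0.0:22      0.0.0.0:*\n"
)

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def listen_addresses(ss_output, port):
    """Local addresses that `ss -ltnH` reports as listening on `port`."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            addr, _, local_port = fields[3].rpartition(":")
            if local_port == str(port):
                found.append(addr.replace("[", "").replace("]", ""))
    return found

def is_loopback(addr):
    """True for localhost, 127.0.0.0/8 and ::1; wildcards (*, 0.0.0.0, ::) are not."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False  # "*" or anything unparsable is treated as non-loopback

def exposed_listeners(properties_text, ss_output):
    """Return non-loopback bind addresses when `host` asks for loopback only."""
    props = parse_properties(properties_text)
    host = props.get("host", "localhost")  # the issue states localhost is the default
    if not is_loopback(host):
        return []  # a wide bind was requested, e.g. 0.0.0.0 for Docker
    port = int(props["port"])  # assumed key name for the WebAdmin port
    return [a for a in listen_addresses(ss_output, port) if not is_loopback(a)]

if __name__ == "__main__":
    print(exposed_listeners(SAMPLE_PROPERTIES, SAMPLE_SS))
```

A non-empty result means the listener is wider than the configuration suggests, so the port needs firewalling or JWT until the `host` option is honoured.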