Project

General

Profile

Actions

Bug #21031

open

Disallow access to /var/www in relay vhost

Added by Alexis Mousset over 2 years ago. Updated 6 months ago.

Status:
New
Priority:
N/A
Assignee:
-
Category:
System integration
Target version:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Infrequent - complex configurations | third party integrations
Effort required:
Very Small
Priority:
0
Name check:
To do
Fix check:
To do
Regression:

Description

Currently when Web/API vhost is split from relay, we expose the content of the wwwroot, /var/www, on https://server/.

This is not actually a problem but:

  • could be a source of problem if wwwroot changes or is custom content is put into /var/www by the users
  • is surprising from a user point of view

We should at least disallow access to this folder in relay config.

Actions #1

Updated by Alexis Mousset over 2 years ago

  • Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
  • User visibility set to Infrequent - complex configurations | third party integrations
  • Effort required set to Very Small
  • Priority changed from 0 to 47
Actions #2

Updated by Alexis Mousset over 2 years ago

  • Target version changed from 7.2.0~beta1 to 7.3.0~beta1
  • Priority changed from 47 to 46
Actions #3

Updated by Vincent MEMBRÉ almost 2 years ago

  • Target version changed from 7.3.0~beta1 to 7.3.0~rc1
  • Priority changed from 46 to 0
Actions #4

Updated by Vincent MEMBRÉ almost 2 years ago

  • Target version changed from 7.3.0~rc1 to 7.3.0
Actions #5

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.3.0 to 7.3.1
Actions #6

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.3.1 to 7.3.2
Actions #7

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.3.2 to 7.3.3
Actions #8

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.3.3 to 7.3.4
Actions #9

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.3.4 to 7.3.5
Actions #10

Updated by Alexis Mousset over 1 year ago

  • Target version changed from 7.3.5 to 7.3.6
Actions #11

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.3.6 to 7.3.7
Actions #12

Updated by Vincent MEMBRÉ over 1 year ago

  • Target version changed from 7.3.7 to 7.3.8
Actions #13

Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 7.3.8 to 7.3.9
Actions #14

Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 7.3.9 to 7.3.10
Actions #15

Updated by Vincent MEMBRÉ about 1 year ago

  • Target version changed from 7.3.10 to 7.3.11
Actions #16

Updated by Vincent MEMBRÉ 11 months ago

  • Target version changed from 7.3.11 to 7.3.12
Actions #17

Updated by Vincent MEMBRÉ 10 months ago

  • Target version changed from 7.3.12 to 7.3.13
Actions #18

Updated by Vincent MEMBRÉ 10 months ago

  • Target version changed from 7.3.13 to 7.3.14
Actions #19

Updated by Vincent MEMBRÉ 8 months ago

  • Target version changed from 7.3.14 to 7.3.15
Actions #20

Updated by Vincent MEMBRÉ 7 months ago

  • Target version changed from 7.3.15 to 7.3.16
Actions #21

Updated by Vincent MEMBRÉ 6 months ago

  • Target version changed from 7.3.16 to 7.3.17
Actions

Also available in: Atom PDF