Actions
Bug #21031
openDisallow access to /var/www in relay vhost
Pull Request:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Infrequent - complex configurations | third party integrations
Effort required:
Very Small
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
Description
Currently when Web/API vhost is split from relay, we expose the content of the wwwroot, /var/www, on https://server/.
This is not actually a problem but:
- could be a source of problem if wwwroot changes or is custom content is put into /var/www by the users
- is surprising from a user point of view
We should at least disallow access to this folder in relay config.
Updated by Alexis Mousset over 2 years ago
- Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
- User visibility set to Infrequent - complex configurations | third party integrations
- Effort required set to Very Small
- Priority changed from 0 to 47
Updated by Alexis Mousset over 2 years ago
- Target version changed from 7.2.0~beta1 to 7.3.0~beta1
- Priority changed from 47 to 46
Updated by Vincent MEMBRÉ almost 2 years ago
- Target version changed from 7.3.0~beta1 to 7.3.0~rc1
- Priority changed from 46 to 0
Updated by Vincent MEMBRÉ almost 2 years ago
- Target version changed from 7.3.0~rc1 to 7.3.0
Updated by Vincent MEMBRÉ over 1 year ago
- Target version changed from 7.3.0 to 7.3.1
Updated by Vincent MEMBRÉ over 1 year ago
- Target version changed from 7.3.1 to 7.3.2
Updated by Vincent MEMBRÉ over 1 year ago
- Target version changed from 7.3.2 to 7.3.3
Updated by Vincent MEMBRÉ over 1 year ago
- Target version changed from 7.3.3 to 7.3.4
Updated by Vincent MEMBRÉ over 1 year ago
- Target version changed from 7.3.4 to 7.3.5
Updated by Alexis Mousset over 1 year ago
- Target version changed from 7.3.5 to 7.3.6
Updated by Vincent MEMBRÉ over 1 year ago
- Target version changed from 7.3.6 to 7.3.7
Updated by Vincent MEMBRÉ over 1 year ago
- Target version changed from 7.3.7 to 7.3.8
Updated by Vincent MEMBRÉ about 1 year ago
- Target version changed from 7.3.8 to 7.3.9
Updated by Vincent MEMBRÉ about 1 year ago
- Target version changed from 7.3.9 to 7.3.10
Updated by Vincent MEMBRÉ about 1 year ago
- Target version changed from 7.3.10 to 7.3.11
Updated by Vincent MEMBRÉ 11 months ago
- Target version changed from 7.3.11 to 7.3.12
Updated by Vincent MEMBRÉ 10 months ago
- Target version changed from 7.3.12 to 7.3.13
Updated by Vincent MEMBRÉ 10 months ago
- Target version changed from 7.3.13 to 7.3.14
Updated by Vincent MEMBRÉ 8 months ago
- Target version changed from 7.3.14 to 7.3.15
Updated by Vincent MEMBRÉ 7 months ago
- Target version changed from 7.3.15 to 7.3.16
Updated by Vincent MEMBRÉ 6 months ago
- Target version changed from 7.3.16 to 7.3.17
Actions