Bug #21031: Disallow access to /var/www in relay vhost - Rudder - Issue Tracker

Actions

Bug #21031

open

Disallow access to /var/www in relay vhost

Added by Alexis Mousset almost 2 years ago. Updated about 9 hours ago.

Status:

New

Priority:

N/A

Assignee:

-

Category:

System integration

Target version:

Pull Request:

Severity:

Critical - prevents main use of Rudder | no workaround | data loss | security

UX impact:

User visibility:

Infrequent - complex configurations | third party integrations

Effort required:

Very Small

Priority:

0

Name check:

To do

Fix check:

To do

Regression:

Description

Currently when Web/API vhost is split from relay, we expose the content of the wwwroot, /var/www, on https://server/.

This is not actually a problem but:

could be a source of problem if wwwroot changes or is custom content is put into /var/www by the users
is surprising from a user point of view

We should at least disallow access to this folder in relay config.

Actions

#1

Updated by Alexis Mousset almost 2 years ago

Severity set to Critical - prevents main use of Rudder | no workaround | data loss | security
User visibility set to Infrequent - complex configurations | third party integrations
Effort required set to Very Small
Priority changed from 0 to 47

Actions

#2

Updated by Alexis Mousset almost 2 years ago

Target version changed from 7.2.0~beta1 to 7.3.0~beta1
Priority changed from 47 to 46

Actions

#3

Updated by Vincent MEMBRÉ about 1 year ago

Target version changed from 7.3.0~beta1 to 7.3.0~rc1
Priority changed from 46 to 0

Actions

#4

Updated by Vincent MEMBRÉ about 1 year ago

Target version changed from 7.3.0~rc1 to 7.3.0

Actions

#5

Updated by Vincent MEMBRÉ about 1 year ago

Target version changed from 7.3.0 to 7.3.1

Actions

#6

Updated by Vincent MEMBRÉ 12 months ago

Target version changed from 7.3.1 to 7.3.2

Actions

#7

Updated by Vincent MEMBRÉ 11 months ago

Target version changed from 7.3.2 to 7.3.3

Actions

#8

Updated by Vincent MEMBRÉ 10 months ago

Target version changed from 7.3.3 to 7.3.4

Actions

#9

Updated by Vincent MEMBRÉ 9 months ago

Target version changed from 7.3.4 to 7.3.5

Actions

#10

Updated by Alexis Mousset 9 months ago

Target version changed from 7.3.5 to 7.3.6

Actions

#11

Updated by Vincent MEMBRÉ 7 months ago

Target version changed from 7.3.6 to 7.3.7

Actions

#12

Updated by Vincent MEMBRÉ 7 months ago

Target version changed from 7.3.7 to 7.3.8

Actions

#13

Updated by Vincent MEMBRÉ 6 months ago

Target version changed from 7.3.8 to 7.3.9

Actions

#14

Updated by Vincent MEMBRÉ 6 months ago

Target version changed from 7.3.9 to 7.3.10

Actions

#15

Updated by Vincent MEMBRÉ 4 months ago

Target version changed from 7.3.10 to 7.3.11

Actions

#16

Updated by Vincent MEMBRÉ 3 months ago

Target version changed from 7.3.11 to 7.3.12

Actions

#17

Updated by Vincent MEMBRÉ about 2 months ago

Target version changed from 7.3.12 to 7.3.13

Actions

#18

Updated by Vincent MEMBRÉ about 2 months ago

Target version changed from 7.3.13 to 7.3.14

Actions

#19

Updated by Vincent MEMBRÉ about 9 hours ago

Target version changed from 7.3.14 to 7.3.15

Actions

Also available in: Atom PDF