Bug #21031: Disallow access to /var/www in relay vhost - Rudder - Issue Tracker

Actions

Copy link

Bug #21031

open

Disallow access to /var/www in relay vhost

Added by Alexis Mousset about 2 years ago. Updated 9 days ago.

Status:

New

Priority:

N/A

Assignee:

Category:

System integration

Target version:

7.3.15

Pull Request:

Severity:

Critical - prevents main use of Rudder | no workaround | data loss | security

UX impact:

User visibility:

Infrequent - complex configurations | third party integrations

Effort required:

Very Small

Priority:

Name check:

To do

Fix check:

To do

Regression:

Description

Currently when Web/API vhost is split from relay, we expose the content of the wwwroot, /var/www, on https://server/.

This is not actually a problem but:

could be a source of problem if wwwroot changes or is custom content is put into /var/www by the users
is surprising from a user point of view

We should at least disallow access to this folder in relay config.

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries

Bug #21031

Disallow access to /var/www in relay vhost

Updated by Alexis Mousset almost 2 years ago

Updated by Alexis Mousset almost 2 years ago

Updated by Vincent MEMBRÉ about 1 year ago

Updated by Vincent MEMBRÉ about 1 year ago

Updated by Vincent MEMBRÉ about 1 year ago

Updated by Vincent MEMBRÉ about 1 year ago

Updated by Vincent MEMBRÉ 12 months ago

Updated by Vincent MEMBRÉ 10 months ago

Updated by Vincent MEMBRÉ 10 months ago

Updated by Alexis Mousset 9 months ago

Updated by Vincent MEMBRÉ 8 months ago

Updated by Vincent MEMBRÉ 8 months ago

Updated by Vincent MEMBRÉ 6 months ago

Updated by Vincent MEMBRÉ 6 months ago

Updated by Vincent MEMBRÉ 5 months ago

Updated by Vincent MEMBRÉ 3 months ago

Updated by Vincent MEMBRÉ 2 months ago

Updated by Vincent MEMBRÉ about 2 months ago

Updated by Vincent MEMBRÉ 9 days ago