Bug #21031
[open] Disallow access to /var/www in relay vhost
Pull Request:
Severity:
Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Infrequent - complex configurations | third party integrations
Effort required:
Very Small
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
Description
Currently when Web/API vhost is split from relay, we expose the content of the wwwroot, /var/www, on https://server/.
This is not actually a problem but:
- could be a source of problems if wwwroot changes or if custom content is put into /var/www by the users
- is surprising from a user point of view
We should at least disallow access to this folder in relay config.
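
One way to express the restriction requested above, as an added example in Apache 2.4 syntax meant to sit inside the relay `<VirtualHost>`. It is not Rudder's shipped relay configuration, and the `/relay-api/` alias and its target directory are hypothetical placeholders for whatever the relay actually has to serve.

```apache
# Added illustration, not Rudder's shipped configuration.
# Place inside the relay <VirtualHost> block.

# wwwroot as described in the ticket
DocumentRoot /var/www

# Before: a permissive block such as the following (assumed here for
# illustration) makes anything dropped into /var/www reachable on
# https://server/, including directory listings:
#
#   <Directory /var/www>
#       Options Indexes FollowSymLinks
#       Require all granted
#   </Directory>

# After: deny the wwwroot in this vhost. Options None removes
# directory listings and symlink following; AllowOverride None keeps
# a stray .htaccess under /var/www from re-enabling access.
<Directory /var/www>
    Options None
    AllowOverride None
    Require all denied
</Directory>

# Endpoints the relay must serve are mapped explicitly and granted
# one by one, so the wwwroot is never the fallback.
# Path and target below are hypothetical placeholders.
Alias /relay-api/ /opt/example/relay-api/
<Directory /opt/example/relay-api>
    Options None
    AllowOverride None
    Require all granted
</Directory>
```

After a reload, a request for https://server/ should return 403 while the explicitly aliased paths keep answering.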