Hey Eric,

Regarding point 3: what are your exact security concerns about exposing the 
REST API?

Kind regards,
        D.

--
Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog company
Steckelhörn 11
20457 Hamburg
Germany

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)

> On 21.04.2016, at 09:03, er...@muneris.io wrote:
> 
> Dear Graylog community support / users,
> 
> I have been using Graylog since 1.2 and it's working great.
> 
> I just discovered that a change to a health check in Graylog's web interface 
> might cause problems.
> It's known and normal that Graylog's web service detects the health of the 
> server node(s) with the API through TCP 12900.
> 
> However I noticed an issue in Graylog 2.
> When I am trying out Graylog 2 (Alpha and Beta), the web UI automatically 
> calls TCP 12900 (API port) on the client side using the public address.
> That is, from the developer mode of the browser, I can see a URL call to 
> http://<graylog web service hostname>:12900/system/cluster/node. This causes 
> the following issues:
> 
> 1) With the default configuration, this check listens on the private IP of 
> the server. So when deploying Graylog to the internet, the check fails. 
> (Unless we access the website through a VPN IP or update rest_transport_uri in 
> /opt/graylog/conf/graylog.conf)
> 2) The health check should probably be done in the background on the server 
> (i.e. like Graylog 1.2, 1.3... the check will not be exposed to the client 
> side / browser)
> 3) We need to expose TCP 12900 of the web service to the public; a security 
> concern arises as the API port would be facing the public internet as well
> 
> Thank you.
> Eric
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/a43a9ea9-2b6b-4d6a-8b91-1304b84dd008%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
