[ https://issues.apache.org/jira/browse/TS-766?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-766: ----------------------------- Fix Version/s: 3.1 Moving this out to v3.1, it's a good suggestion, I just don't think anyone has the time to fix this for v3.0. If security is a concern, and you need clustering, the only suggestion I have is to do ACLs of some sort (e.g. iptables or other firewall rules, which ought to be easy to setup). > Authenticate access to cluster command port > ------------------------------------------- > > Key: TS-766 > URL: https://issues.apache.org/jira/browse/TS-766 > Project: Traffic Server > Issue Type: Improvement > Components: Clustering, Network > Affects Versions: 2.1.8 > Reporter: Arno Toell > Labels: security > Fix For: 3.1 > > > Similar to TS-765, the cluster RPC interface should not be reachable by > everyone. Instead some kind of peer authentication should apply. When > clustering is enabled, please authenticate and/or restrict access to the RPC > interface in a way only trusted peers are allowed to control the server. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira