Benoit Tellier created JAMES-3690:
-------------------------------------
Summary: Allow to restrict the host webadmin is listening on
Key: JAMES-3690
URL: https://issues.apache.org/jira/browse/JAMES-3690
Project: James Server
Issue Type: Improvement
Components: webadmin
Reporter: Benoit Tellier
Fix For: 3.7.0
By default the WebAdmin server is activated, listens on all addresses without
JWT security activated by default. This of course represents an open door for
unaware users, failing to set up decent firewalling.
There is a `host` option, set to localhost by default, that can provide a false
sense of safety - however this is not applied.
The proposal here is:
- To use the host option to limit interfaces the webadmin server listens on
- Ship a sample configuration listening on localhost thus preventing external
use
- Ship 0.0.0.0 for docker as port exposure is required (we can expect the
admin to know what he is doing)
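The gap this issue describes (a `host` value that reads as loopback while the server actually binds every interface) can be checked by comparing the configuration with the sockets the process really holds. The following is an added example, not code from the James project: the sample inputs are constructed, and the key names `enabled`, `port` and `jwt.enabled`, the default port 8000 and the use of `ss -ltnH` output are assumptions.

```python
import ipaddress

# Constructed sample of webadmin.properties; keys other than `host` are assumptions.
SAMPLE_PROPS = "enabled=true\nport=8000\nhost=localhost\njwt.enabled=false\n"
# Constructed sample of `ss -ltnH` output taken on the James host.
SAMPLE_SS = """\
LISTEN 0 128 *:8000 *:*
LISTEN 0 128 127.0.0.1:9999 0.0.0.0:*
LISTEN 0 50 [::]:143 [::]:*
"""

def parse_props(text):
    """Parse key=value lines, skipping blanks and comments."""
    pairs = (l.split("=", 1) for l in map(str.strip, text.splitlines())
             if l and l[0] not in "#!" and "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def listen_addrs(ss_text, port):
    """Local addresses bound to `port`, from `ss -ltnH` lines."""
    local = (f[3].rpartition(":") for f in map(str.split, ss_text.splitlines()) if len(f) >= 4)
    return [host.strip("[]") for host, _, p in local if p == str(port)]

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        return False  # "*" or another hostname: treat as reachable off-host

def audit(props_text, ss_text):
    """Compare the configured host with the actual sockets; return findings."""
    props = parse_props(props_text)
    if props.get("enabled", "true").lower() != "true":
        return []
    port = props.get("port", "8000")  # default port is an assumption
    configured = props.get("host", "localhost")
    exposed = [a for a in listen_addrs(ss_text, port) if not is_loopback(a)]
    findings = []
    if exposed and is_loopback(configured):
        findings.append(f"host={configured} set, but port {port} is bound to {exposed}")
    if exposed and props.get("jwt.enabled", "false").lower() != "true":
        findings.append(f"port {port} reachable off-host with JWT disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_PROPS, SAMPLE_SS)) or "no findings")
```
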