Anything in the "public" directory is made public so that other components (llike Traffic Router) can get to it without authentication. It is recommended that you have some ACLs in front of Traffic Ops to limit who/what can access it.
On Tue, Sep 19, 2017 at 1:52 AM, Nir Ichye <[email protected]> wrote: > Hi, > > It seems that several files in TO can be accessed without credentials. This > includes: > - Coverage Zone File (http[s]://<opsDomain>/routing/coverage-zone.json) > - server.key (http[s]://<opsDomain>/routing/server.key) > - and other files in the public folder. > > Can you tell if the files are public on purpose and if this could be a > security issue? > > Thanks, > Nir. >
