[ https://issues.apache.org/jira/browse/ZOOKEEPER-2221?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14603851#comment-14603851 ]
Raul Gutierrez Segales commented on ZOOKEEPER-2221: --------------------------------------------------- Thanks for the patch [~surendrasingh]! A few comments: * the indentation seems off because of tabs, could you please use spaces for indentation to make it consistent with the rest of the file? * could you document the new property (zookeeper.admin.address) in zookeeperAdmin.html? Thanks! > Zookeeper JettyAdminServer server should start on configured IP. > ---------------------------------------------------------------- > > Key: ZOOKEEPER-2221 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2221 > Project: ZooKeeper > Issue Type: Bug > Components: quorum > Affects Versions: 3.5.0 > Reporter: Surendra Singh Lilhore > Assignee: Surendra Singh Lilhore > Attachments: ZOOKEEPER-2221.patch > > > Currently JettyAdminServer starting on "0.0.0.0" IP. "0.0.0.0" means "all IP > addresses on the local machine". So, if your webserver machine has two ip > addresses, 192.168.1.1(private) and 10.1.2.1(public), and you allow a > webserver daemon like apache to listen on 0.0.0.0, it will be reachable at > both of those IPs. > This is security issue. webserver should be accessible from only configured IP -- This message was sent by Atlassian JIRA (v6.3.4#6332)