[
https://issues.apache.org/jira/browse/ZOOKEEPER-2221?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14603851#comment-14603851
]
Raul Gutierrez Segales commented on ZOOKEEPER-2221:
---------------------------------------------------
Thanks for the patch [~surendrasingh]! A few comments:
* the indentation seems off because of tabs, could you please use spaces for
indentation to make it consistent with the rest of the file?
* could you document the new property (zookeeper.admin.address) in
zookeeperAdmin.html?
Thanks!
> Zookeeper JettyAdminServer server should start on configured IP.
> ----------------------------------------------------------------
>
> Key: ZOOKEEPER-2221
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2221
> Project: ZooKeeper
> Issue Type: Bug
> Components: quorum
> Affects Versions: 3.5.0
> Reporter: Surendra Singh Lilhore
> Assignee: Surendra Singh Lilhore
> Attachments: ZOOKEEPER-2221.patch
>
>
> Currently JettyAdminServer starting on "0.0.0.0" IP. "0.0.0.0" means "all IP
> addresses on the local machine". So, if your webserver machine has two ip
> addresses, 192.168.1.1(private) and 10.1.2.1(public), and you allow a
> webserver daemon like apache to listen on 0.0.0.0, it will be reachable at
> both of those IPs.
> This is security issue. webserver should be accessible from only configured IP
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
