[
https://issues.apache.org/jira/browse/ZOOKEEPER-2699?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15878428#comment-15878428
]
Mohammad Arshad commented on ZOOKEEPER-2699:
--------------------------------------------
Thanks [~revans2] for the information. yes, IP based restriction will not be
effective.
> Restrict 4lw commands based on client IP
> ----------------------------------------
>
> Key: ZOOKEEPER-2699
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2699
> Project: ZooKeeper
> Issue Type: Bug
> Components: security, server
> Reporter: Mohammad Arshad
> Assignee: Mohammad Arshad
>
> Currently 4lw commands are executed without authentication and can be
> accessed from any IP which has access to ZooKeeper server. ZOOKEEPER-2693
> attempts to limit the 4lw commands which are enabled by default or enabled by
> configuration.
> In addition to ZOOKEEPER-2693 we should also restrict 4lw commands based on
> client IP as well. It is required for following scenario
> # User wants to enable all the 4lw commands
> # User wants to limit the access of the commands which are considered to be
> safe by default.
>
> *Implementation:*
> we can introduce new property 4lw.commands.host.whitelist
> # By default we allow all the hosts, but off course only on the 4lw exposed
> commands as per the ZOOKEEPER-2693
> # It can be configured to allow individual IPs(192.168.1.2,192.168.1.3 etc.)
> # It can also be configured to allow group of IPs like 192.168.1.*
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
