[
https://issues.apache.org/jira/browse/CLOUDSTACK-7958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15969183#comment-15969183
]
ASF GitHub Bot commented on CLOUDSTACK-7958:
--------------------------------------------
Github user wido commented on the issue:
https://github.com/apache/cloudstack/pull/2046
@DaanHoogland: I improved the logging as you suggested/requested.
A TRACE for every request and WARN when a request is denied. Tried this
locally:
<pre>
2017-04-14 15:45:58,901 WARN [c.c.a.ApiServlet]
(catalina-exec-17:ctx-5955fcab ctx-c572b42e) (logid:7b251506) Request by
accountId 2 was denied since 192.168.122.1 does not match 127.0.0.1/8,::1/128
<pre>
In this case only localhost (IPv4/IPv6) is allowed to perform requests.
> Limit user login to specific subnets
> ------------------------------------
>
> Key: CLOUDSTACK-7958
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7958
> Project: CloudStack
> Issue Type: New Feature
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: API, Management Server
> Affects Versions: Future
> Reporter: Wido den Hollander
> Assignee: Wido den Hollander
> Priority: Minor
> Fix For: Future
>
>
> When exposing the API there is a potential danger that a user gets his hands
> on a account with Admin privileges and does bad things to a cloud.
> It would be a useful feature if we could limit certain accounts/users to
> specific subnets.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
