[
https://issues.apache.org/jira/browse/FLINK-20959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17265826#comment-17265826
]
Robert Metzger commented on FLINK-20959:
----------------------------------------
I believe Chesnay posted the wrong Jira ID. I guess he meant:
https://issues.apache.org/jira/browse/FLINK-20875
What we generally recommend to users is securing access to the REST API: restrict
who can access the REST API. Not everyone in a company should be allowed
to access the REST API.
You could for example run Flink in a cluster that is in a (virtual) private
network, where only a few people have access. Or you set up a firewall
restricting access to Flink ports.
If you need to control who can access Flink, you can run Flink's REST API
behind a reverse proxy (for example nginx).
> How to close Apache Flink REST API
> ----------------------------------
>
> Key: FLINK-20959
> URL: https://issues.apache.org/jira/browse/FLINK-20959
> Project: Flink
> Issue Type: Bug
> Components: Runtime / REST
> Affects Versions: 1.10.2
> Reporter: wuchangwen
> Priority: Major
> Fix For: 1.10.2
>
>
> Apache Flink 1.10.2 has CVE-2020-17518 vulnerability in the REST API. Now
> that I want to turn off the REST API service, how should I set up the
> configuration file?
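The reverse-proxy setup suggested in the comment above, as an added example that is not part of the original message or the Flink project's own configuration: nginx terminates TLS, checks source network and credentials, and forwards to a Flink REST endpoint that listens only on loopback. The hostname, admin network range, certificate paths and htpasswd path are placeholders, and the Flink settings shown in the comments are an assumed companion change in flink-conf.yaml.

```nginx
# Added example (not from the original thread). Assumes flink-conf.yaml contains:
#   rest.bind-address: localhost   # REST endpoint listens on loopback only
#   rest.port: 8081                # Flink's default REST port
# so the only network path to the REST API is through this proxy.

server {
    listen 443 ssl;
    server_name flink.example.internal;              # placeholder hostname

    ssl_certificate     /etc/nginx/tls/flink.crt;    # placeholder paths
    ssl_certificate_key /etc/nginx/tls/flink.key;

    # Job jars are uploaded through the REST API; nginx's 1m default
    # would reject them, so size this to the largest jar you deploy.
    client_max_body_size 100m;

    location / {
        # Require BOTH an allowed source network and valid credentials.
        satisfy all;
        allow 10.20.0.0/24;                          # placeholder admin network
        deny  all;

        auth_basic           "Flink REST API";
        auth_basic_user_file /etc/nginx/flink.htpasswd;  # placeholder path

        # Forward to the loopback-bound Flink REST endpoint.
        proxy_pass http://127.0.0.1:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
```

The proxy covers only the REST port; the private network or firewall mentioned in the comment is still what restricts Flink's other ports.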