Re: [I] Need to limit access to Fauxton UI to localhost, but maintain remote API access. [couchdb]

2023-11-01 Thread via GitHub


estoT1 closed issue #4827: Need to limit access to Fauxton UI to localhost, but maintain remote API access.
URL: https://github.com/apache/couchdb/issues/4827


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@couchdb.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



Re: [I] Need to limit access to Fauxton UI to localhost, but maintain remote API access. [couchdb]

2023-11-01 Thread via GitHub


estoT1 commented on issue #4827:
URL: https://github.com/apache/couchdb/issues/4827#issuecomment-1788763323

   Thank you, this fully answers my question! 
   Have a great day!





Re: [I] Need to limit access to Fauxton UI to localhost, but maintain remote API access. [couchdb]

2023-11-01 Thread via GitHub


rnewson commented on issue #4827:
URL: https://github.com/apache/couchdb/issues/4827#issuecomment-1788722544

   Got it.
   
   What you can do is remove all the files under the `share/www` directory, and then `/_utils` won't serve up those files. You can then place those files elsewhere and use haproxy/nginx/anything to serve them, putting whatever additional access restrictions you'd like over them.

   If you're building from source you can use the `--disable-fauxton` configure option which skips all the build steps for fauxton and skips the crucial final step of copying the output into the `share` directory in the artifact.


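The setup described in the comment above, sketched as an nginx configuration. This is an added example, not part of the original thread or of the CouchDB project. It assumes the Fauxton files were moved from `share/www` to the hypothetical path `/srv/fauxton`, that CouchDB listens on port 5984 of the same host, and that Fauxton sends its API calls to the origin it was loaded from.

```nginx
# Added example: Fauxton reachable only from the local machine.
# Assumed: files relocated from share/www to /srv/fauxton (hypothetical path);
# CouchDB API on 127.0.0.1:5984; port 8080 chosen for illustration.

server {
    # Bind to loopback only, so the UI is not exposed on any external interface.
    listen 127.0.0.1:8080;
    server_name localhost;

    # Second layer in case the listen address is widened later.
    allow 127.0.0.1;
    deny all;

    # Redirect the bare path to the directory form.
    location = /_utils {
        return 301 /_utils/;
    }

    # Static Fauxton assets, served from the relocated directory.
    location /_utils/ {
        alias /srv/fauxton/;
        index index.html;
    }

    # Everything else is passed to CouchDB so the UI's API calls stay same-origin.
    location / {
        proxy_pass http://127.0.0.1:5984;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Remote API clients keep talking to CouchDB's own listener; with `share/www` emptied, `/_utils` on that listener no longer serves the UI files.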



Re: [I] Need to limit access to Fauxton UI to localhost, but maintain remote API access. [couchdb]

2023-11-01 Thread via GitHub


estoT1 commented on issue #4827:
URL: https://github.com/apache/couchdb/issues/4827#issuecomment-1788590244

   Thank you for your prompt reply, all feedback is appreciated.
   From your reply I infer the Fauxton UI cannot be limited to a localhost bind address from the APIs?

   Short answer: Reducing the attack surface. Everything has its issues and must be patched.
   Long answer: To minimize the impact of UI vulnerabilities and assign an appropriate maintenance plan/risk response plan for the CouchDB asset group.
   
   Thanking you in advance!
    





Re: [I] Need to limit access to Fauxton UI to localhost, but maintain remote API access. [couchdb]

2023-10-31 Thread via GitHub


rnewson commented on issue #4827:
URL: https://github.com/apache/couchdb/issues/4827#issuecomment-1787623697

   To what end? Fauxton is just calling the API, it has no special privileges.
   
   

