[
https://issues.apache.org/jira/browse/JAMES-3690?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benoit Tellier closed JAMES-3690.
---------------------------------
Resolution: Fixed
> Allow to restrict the host webadmin is listening on
> ---------------------------------------------------
>
> Key: JAMES-3690
> URL: https://issues.apache.org/jira/browse/JAMES-3690
> Project: James Server
> Issue Type: Improvement
> Components: webadmin
> Reporter: Benoit Tellier
> Priority: Major
> Fix For: 3.7.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> By default the WebAdmin server is activated, listens on all addresses without
> JWT security activated by default. This of course represents an open door for
> unaware users, failing to setup decent firewalling.
> There is a `host` option, set to localhost by default, that can provide a
> false sens of safety - however this is not applied.
> The proposal here is:
> - To use the host option to limit interfaces the webadmin server listens on
> - Ship a sample configuration listening on localhost thus preventing
> external use
> - Ship 0.0.0.0 for docker as port exposure is required (we can expect the
> admin to know what he is doing)
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org
